https://lnkd.in/eYiRXBvu
Great insights from John. Some salient points:
1. The NIS2 Directive went into effect January 2023. EU member states were given a deadline of Oct. 17, 2024, to transpose the directive into law.
2. “Costs could approach €10 billion (US$10.9 billion) annually, EU-wide,” according to Wright. “However, ISO 27001 certified entities have a head start, with approximately 70% of NIS2 requirements already covered.”
3. The measures required by NIS2, such as cyber risk management, supply chain security, and business continuity, are good business practices that enhance organisational resilience.
4. Businesses may need to consider NIS2 alongside other national, regional, and international regulations such as DORA (the EU’s Digital Operations Resilience Act), GDPR, and the EU AI Act.
Abhishek Kumar (Abhi)’s Post
More Relevant Posts
-
CRA is now a regulation!
👉🏻 The Cyber Resilience Act (CRA) became a regulation on November 20, published in the Official Journal of the European Union (OJEU). This regulation applies to all products with digital components and mandates that "vulnerability handling" requirements be fulfilled within 21 months from the publication date. Additionally, all other "essential cybersecurity" requirements must be met within 36 months.
👉🏻 There are slight differences between the initial proposal published in 2022 (EU/2022/0272) and the final regulation (EU/2024/2847). Notably, the proposal's requirement to "place products on the market without known vulnerabilities" has been replaced by a clause related to "cybersecurity assessment," affecting the numbering of essential requirements. Security upgrades, previously listed last in the proposal, are now placed higher in the regulation.
👉🏻 A new clause has been added to align with other cybersecurity regulations and the EU Data Act. This clause requires entities to provide options for permanently removing or securely transferring all user data. This aims to ensure data protection, safe storage, implementation of the "right to be forgotten," secure data transfer, interoperable use, and integrated data use for generating meaningful new insights.
👉🏻 The compliance process has begun, and entities must evaluate and prepare organizationally to meet these new requirements. Time is ticking for compliance!
#CRA #CyberResilienceAct #essentialrequirements #productsecurity #compliance
-
The European Union established DORA and NIS2 laws to bolster cybersecurity within the financial sector and critical infrastructure, emphasizing accountability at the management level. And they're both coming up in the next nine months.
Summary:
1. These new EU regulations aim to heighten cybersecurity protocols in finance and critical infrastructure.
2. DORA applies to financial entities, whereas NIS2 targets a broader range of critical services.
3. Where DORA and NIS2 intersect, DORA's rules will take precedence.
4. The laws assign the ultimate responsibility for cybersecurity to an organization's management body.
5. Depending on the country and company structure, the management body may have various forms and functions.
6. Management is tasked with creating, approving, and maintaining an ICT risk management framework, which cannot be outsourced.
7. These include establishing cyber policies, setting governance roles, and conducting due diligence on ICT supply chains.
8. Sanctions, fines, and potential liability for damages await those who fail to adhere to these obligations.
9. DORA will be enforced EU-wide by January 17, 2025, and NIS2 must be incorporated into national laws by October 18, 2024.
10. Entities should conduct a gap analysis against current laws to streamline compliance efforts.
#cybersecurity #regulation #EU
-
Digitale Overheid (Digital Government) in the Netherlands provided a self-assessment initiative: Is your organisation affected by NIS2? https://lnkd.in/eMJMk8Ag
Let me remind you that the NIS2 (Network and Information Systems) Directive (Directive (EU) 2022/2555), which came into force on 16 January 2023, is an updated version of the original NIS Directive and aims to improve cybersecurity across the European Union. It expands the scope to include more sectors and introduces stricter obligations for both essential and important entities, such as healthcare providers, digital services and critical infrastructure operators. Key features of NIS2 include management accountability for cybersecurity, comprehensive risk management measures, supply chain security requirements and strict incident reporting protocols.
Member States are required to transpose NIS2 into national law by 17 October 2024. This is a crucial deadline for businesses, as failure to comply with the NIS2 Directive can have severe repercussions, including financial penalties and reputational damage. So the clock is tickin'!
#nis2 #governance
Home - Digital Government
https://www.nldigitalgovernment.nl
-
Probably you already have documented security policies in place for GDPR, but these will need to be supplemented and updated for DORA.
Webinar Link https://lnkd.in/dFaeuu-k
Raz-Lee’s iSecurity Suite makes it easy to secure your IBM i systems and meet DORA compliance standards. Join our upcoming webinar to learn how our solution can help you streamline compliance and protect your systems from threats.
This webinar covers:
- When does DORA apply?
- Guidance for Financial Organizations on DORA
- DORA Compliance for IBM i
- DORA Compliance: People, Process, and Technology
- DORA Compliance: The 5 Pillars
- About iSecurity for DORA Compliance
-
📢 Where do law and high-tech intersect? That's right – compliance! We're excited to invite you to a session where we'll delve into the new DORA regulation (Digital Operational Resilience Act).
🔥 Who is this for? Are you part of a legal or GRC team involved in drafting new supplier requirements? Are you an ICT/software provider already receiving client requests to update contracts? Or are you just starting to figure out who this mysterious "DORA" is and what she means for your organization? No matter your familiarity with the topic, this session will offer valuable insights and practical takeaways.
🤝 What will we cover? How is DORA reshaping requirements for ICT providers? What new clauses should contracts include to ensure compliance? Best practices and key findings from leading tech compliance research.
💡 Who's speaking? My colleague Moshe and I are eager to share the latest updates and insights. For instance, I've already combed through the Web of Science and discovered some fascinating points from indexed journals, like the Journal of Technology Law and Practice. You'll hear all about it!
👇 Let's Explore DORA Together 👇 We look forward to seeing you there 👇
#IBMi #AS400 #DORA #Regulation #Compliance #CyberSecurity
-
The Cyber Resilience Act is here - how will it impact your products and operations? Let Knightec, and my colleague Serkan Demir guide you!
-
The EU Network and Information Security Directive (NIS 2), designed to enhance the cyber-resilience of critical infrastructure and essential entities, came into force in January last year. Member states have until October 2024 to implement it. Kaspersky explains what this means and how to prepare for it ⬇️
EU NIS 2 Directive: what it is and how to prepare for it
https://www.kaspersky.com/blog