
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


4 NIS Directive Services VARs can provide to their Customers

Topics: Cyber Security, NIS, Incident Response, Identity Access

Posted: 19 April 2018


With the GDPR (General Data Protection Regulation) getting all the headlines in the past two years, it is hard to garner attention for anything else. This is for good reason: the GDPR is wide in scope and will, for some, challenge the way they take their offering to market. However, there have been other developments in the past two years, both legislative and not, which can present opportunities for VARs (Value-Added Resellers) and solution providers alike.

Introduction: What is the NIS Directive?


One such example is the European-wide NIS Directive, which was adopted in August 2016 with a 21-month transposition time into member state law (9th May 2018). Much like the GDPR, the NIS Directive is pre-Brexit and therefore will be implemented and upheld in the UK.

In terms of application, the NIS Directive defines a category of organisations known as OESs (Operators of Essential Services). This includes organisations such as private healthcare providers who offer front-line services, utilities, internet exchange points and major transportation providers, to name but a few. The entire list for the UK can be found in annex 1 of the Department for Digital, Culture, Media and Sport's guidelines.

These OESs must implement controls which create a baseline level of acceptable cyber resilience and be able to demonstrate those capabilities.

How can you help?


It is likely that some of your customers will fall into the category of an OES and have to meet the defined standards. Below are four services you can provide to help them ensure they are NIS Directive compliant.

1. Governance and Risk Management


OESs need to be able to demonstrate that they have embedded policies and controls in their organisations and that these are adhered to. This includes rudimentary tasks such as asset management, risk management and supply chain due diligence. It all sounds very ISO 27001, which means that if you currently offer ISO 27001 type services, you should be able to assist your customers with these requirements.

2. Protective Cyber Security Controls


The NIS Directive mentions a number of areas for review which could require solutions or changes in policy. These include identity management, access control, data security, system security and staff training. Much like the GDPR, there are no specific technology types mentioned, yet this is indeed the moment to show off your shiny portfolio.


3. Cyber Attack and Breach Detection


Logging solutions, threat detection and SOC services can all be used to help detect incidents of cyber attack and breach. Particularly in the case of SOC services, smaller customers are going to be keen to outsource their capabilities for detection.

4. Incident Response and Recovery


Post-incident, OESs are expected to be hyper resilient and able to either return to full service quickly or suffer no outage at all. SOAR solutions (Security Orchestration, Automation and Response) are likely to be popular, as are any backup solutions or cold site services. In similar spirit to the GDPR, there is a focus on ensuring that incidents are not viewed as something that can be eliminated, and that sensible containment and response plans are put in place instead.


Conclusion: Utilising Existing Skills


There is nothing fundamentally new in the NIS Directive; all of the requirements can be solved using solutions, services or capabilities that VARs already provide, albeit possibly in a different form. Sometimes offering services which complement legislation or a legal framework can seem intimidating or the bastion of legally educated persons only. However, it is indeed the opposite. The areas where OESs need help most are the areas in which we as the IT security community excel most.

Cyber security is our game and the NIS Directive is our enabler.


Posted by: Infinigate UK