NIS / NIS2 Directive
Maor's specialists offer guidance on complying with the EU's NIS/NIS2 Directive, focusing on enhanced cybersecurity obligations, risk management and safeguarding a broad spectrum of data.
The Directive on Security of Network and Information System (the NIS Directive) was the first cybersecurity legislation passed by the EU in 2016. NIS2 came into force in 2023, placing further and stronger obligations on even more organisations regarding risk management, corporate accountability, reporting, and business continuity. Maor’s specialists can advise your organisation on their cybersecurity obligations under NIS / NIS2 and the ongoing measures required to ensure security risks are managed appropriately. The Directive aims to set out common security standards and practices, improving cybersecurity capabilities and communication levels across the EU, by securing network and information systems, as well as their digital data. Whereas GDPR only applies to information that malicious actors could use to identify individuals, the NIS Directive covers personal data, enterprise data, and other critical information.
Implementation
Design, development and implementation of ISO/IEC 27001:2022 -conformant information security management system (leveraging ISO/IEC 27001:2022 best practice guides/codes of practice 27002, 27003, 27004, 27005 and 27007).
Gap Analysis
Provision of ISO/IEC 27001 gap analysis resulting in critical insight into your organisation’s current conformance/compliance status to ISO/IEC 27001 - and how to bridge any gaps. Essentially, ISO/IEC 27001 gap analysis provides specific awareness of what needs to be done to attain ISO/IEC 27001 certification with the added bonus of also understanding your organisation's security position/posture.
INTERNAL Audit Services
Provision of fully ISO/IEC 27001-conformant audit/auditor services (single/recurring audits and/or a “turnkey” internal audit programme) which critically contributes to the mandatory performance evaluation and continual improvement requirements of ISO/IEC 27001.
Our “turnkey” internal audit programme can also include foundational auditor competency development through coaching and mentoring. Additionally, Maor can also provide a secure hosting option of its custom-designed audit programme cloud-based application to further underpin effective and efficient audit management.
Employee ISO/IEC 27001-focused information security training and education
Design, development, delivery, evaluation and continual improvement of ISO/IEC 27001 education and training to meet the dual objectives of assuring suitable, adequate and relevant ISO/IEC 27001 awareness and competency across all ISMS roles, responsibilities and authorities. All our education and training provides suitable and adequate documented evidence of participation and associated competence achievement.
Our ISO/IEC 27001 education and training includes:
· General employee education and awareness.
· Practical implementation including critical information security risk assessment and treatment).
· Auditor development and mentoring.
· Risk management (including general risk management).
· Top (Senior) management workshops (ISO/IEC 27001 for Top Management).
· ISMS and information security performance evaluation.
· Custom-designed organizational-focused programmes.
Maor ISO/IEC 27001 education and training services takes a collaborative, co-design/co-development approach and is facilitated by internationally experienced practitioners (training and ISO/IEC 27001).
