Implementing NIS2 EU Directive to a Large International Company in Finland
Fransila, Kimmo (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202404055821
Abstract
The background for this study is cybersecurity frameworks, cybersecurity-specific legislation, and commercial certificates within this field, and how to ensure that companies follow applicable requirements at an adequate level. The most important point, however, is that critical infrastructure is protected and prepared against any kind of cyber-attack. Telecom operators are part of that critical infrastructure.
Cybersecurity legislation is affecting an increasing number of areas in our modern societies. Companies are obliged to comply with legislation. The de facto frameworks and certificates are something that companies follow and implement voluntarily for business purposes. They also follow leading industry guidelines for protecting companies against cybercrime and in many cases offer specific control functions to fulfil the legislation.
The purpose of this thesis is to ensure that legislative demands are fulfilled in a telecom company that is now under the NIS2 compliance umbrella. This thesis offers guidance and ensures that legal demands are fulfilled. One important note is that companies are working with solutions of their own to protect themselves against cybercrime. Therefore, it is important to recognize which parts of the solutions already fulfil the legal demands and what still needs to be done.
This challenge was solved by running a companywide NIS2 implementation project.
The scope of this study is to implement NIS2 requirements efficiently in a telecom company. NIST, ISO27001, and local law and regulation requirements are also implemented to a certain extent in this case.