Public and private organizations are facing significant changes due to the evolution of the European regulatory framework in cybersecurity. With the introduction of regulations such as the NIS2 Directive and the DORA Regulation, and the update of the National Security Scheme (ENS), a thorough review of technological strategies is essential to improve visibility, traceability, and control over technological assets.
Proactivanet, a Spanish company specialized in managing technological assets and services, has identified 13 practical measures that will enable organizations to meet these regulatory demands. Alberto Lombardía, the company’s commercial director, emphasized that compliance with NIS2 or DORA goes beyond just a legal issue; it is also an operational challenge. “What is not known cannot be protected,” he stressed.
Among the recommended actions is the creation of an automatic inventory of all technological assets, which will provide organizations with a clear view of their infrastructure. Additionally, classifying these assets according to their criticality is crucial for identifying those that have a significant impact on operational processes. Detecting and blocking unauthorized software is also essential, as these applications can create vulnerabilities.
Continuous monitoring is another fundamental pillar. This involves ensuring traceability of changes and relevant events within the IT infrastructure, and establishing alert and response mechanisms for deviations or security breaches. Likewise, preparing documentary evidence becomes essential for facing audits, thereby increasing transparency and trust in regulatory compliance.
Proactivanet suggests periodically assessing the risks associated with assets and automating the generation of compliance reports, while also maintaining a clear policy for assigning responsibilities. Lombardía emphasized that these measures not only strengthen security but also optimize costs and improve operational efficiency.
A technical analysis from Proactivanet reveals that by implementing a robust IT asset management (ITAM) strategy, it is possible to fulfill over 70% of the controls established by the ENS. This includes 202 controls classified into low, medium, and high levels. The proposals are tailored for both the public sector, which is required to comply with the ENS, and the private sector, especially financial entities that must adhere to DORA.
Implementing these 13 measures will enable organizations not only to prepare for audits and document evidence but also to align their technology with the required regulations, preparing for a future that prioritizes resilience and security. Proactivanet has developed a free guide detailing these recommendations for those interested in further exploring the necessary actions to comply with the new regulations.
—
via: MiMub in Spanish