NIS Directive Compliance for Cyber Security

NIS Directive, how to comply with the cyber security principles

Achieving NIS Directive compliance with Enterprise SIEM

The EU Network and Information Systems Directive (NIS Directive) came into force in August 2016. Member States had to transpose the Directive into their national laws by 9 May 2018. Member States had to further identify operators of essential services by 9 November 2018. More detailed information on the legislation can be found here.

In the face of mounting worries that interlinked systems and networks, as well as an increasing link between IT systems and industrial control systems (ICS), could provide an avenue for cyber attacks, the legislation aims to bolster cyber security and resilience within the critical infrastructure sector (so-called “essential services” but also “digital services”).

What the NIS Directive means for operators

The net effect of the legislation is that operators of essential services and digital service providers are subject to requirements to keep their networks and information secure under the new rules and to notify security incidents to “competent authorities” when they occur.

One challenge is that as a directive, the rules are being applied separately (and hence potentially differently) across the EU.

The critical NIS Cyber Security Principles

Whether your organisation is a UK, Australian or American operator of Critical Infrastructure, there are two key cyber security principles that your organisation needs to defend its assets: C1 Security Monitoring and C2 Proactive Security Event Discovery.

C.1 Security Monitoring

The organisation monitors the security status of the networks and systems supporting the delivery of essential services in order to detect potential security problems and to track the on-going effectiveness of protective security measures.

C.2 Proactive Security Event Discovery

The organisation detects, within networks and information systems, malicious activity affecting, or with the potential to affect, the delivery of essential services when the activity evades standard signature based security prevent/detect solutions (or when standard solutions are not deployed).

How the NIS Directive works in the UK

In the UK there is no single competent authority. Instead there are a number of separate organisations, mostly existing industry regulators such as Ofcom and Ofwat, and the Information Commissioner’s Office (ICO), assisted by the National Cyber Security Centre (NCSC), that are responsible for overseeing compliance and defining rules in the various sectors. This diversity in the definition of rules, standards and processes makes policing compliance a challenge.

NCSC published best practice

The NCSC has published an introduction to the NIS Directive and a set of high-level guidance objectives, or Indicators of Good Practice, for Critical Infrastructure organisations; this includes guidance for C1 and C2. Their advice covers:

  1. Managing security risk: Appropriate organisational structures, policies and processes to understand, assess and manage security risks to systems supporting essential services.
  2. Protecting against cyber attack: Proportionate security measures to protect services and systems from cyber attack.
  3. Detecting cyber security events: Ensure security defences are effective and detect cyber security events that could, or will, affect services.
  4. Minimising the impact of cyber security incidents: Minimise the impact of an incident on services including the restoration of services where necessary.

NCSC also has an associated Cyber Assurance Framework (CAF) for audit, review and assessment services.


Enforcement of the NIS Directive

The Department for Digital, Culture, Media and Sport (DCMS) is asking the competent authorities (regulators) to take a cautious approach to enforcement initially, to give organisations that are affected by the NIS Directive time to digest and update their cyber security defences. See DCMS guidance here.

So while fines under the NIS Directive, in particular for incidents that cause loss of life or actual physical harm, might be severe once the regime is fully up and running, initially they should be more modest, especially where operators have “assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack”.

How to comply with the NIS Directive cyber security principles

Huntsman Security’s Enterprise SIEM has first-hand experience in meeting the high security, real-time visibility and assurance requirements of critical infrastructure organisations. Our customers manage complex network structures, deal with extremely high data volumes and monitor a wide variety of data types and sources. The suitability of our technology for these highly critical environments is proven.

  • Governance and Risk – track how you are performing against major government, national and international standards.
  • Security analytics and real-time threat detection – detect threats based on known patterns or anomalous behaviour.
  • Automated Threat Verification – take action through infrastructure interconnects to contain, quarantine or mitigate a threat, which means that attacks or breaches are rapidly diagnosed and thwarted.
