NIS2: NETWORK AND INFORMATION SECURITY DIRECTIVE
June 4th 2024
AGENDA
Introducing NIS2
Also Town Hall
June 4th, 2024
Tomás Casasco | Data Security Go to Market Lead, Microsoft Western Europe
Agenda
• Current Security Landscape
• NIS2 Overview | differences vs NIS1 and GDPR
• Impacted Sectors & Penalties
• Requirements and Obligations
• NIS2 Measures mapped to MS Solutions
• Conclusions
                                           Microsoft Confidential
We live in the most complex threat landscape in history
[Chart with three panels; recovered figures:]
• Speed, scale, and sophistication of attacks: password attacks per month rose from 3B (2022) to 30B (2023). Source: Microsoft
• Rapidly growing cyber economy: annual GDP of USA $27T, China $17.8T, Cybercrime $8T, Germany $4.4T, Japan $4.2T. Source: Statista
• Growing regulatory environment: 250 new regulatory updates tracked every day. Source: Microsoft
Nation-state threats: sophistication & critical infrastructure
Source: MDDR: Microsoft Digital Defense Report 2023
Overview of NIS2
NIS2 is the new European cybersecurity directive that will replace the existing NIS Directive as from October 2024.
It is the most comprehensive EU cybersecurity legislation to date, covering 18 sectors and over 180K+ companies.
Its purpose is to establish a baseline of security measures for digital service providers and operators of essential services, to mitigate the risk of cyber attacks and to improve the overall level of cybersecurity in the EU.
 Member States have until October 17, 2024 to transpose the Directive
 into national law. This means that each organization encompassed by
 the Directive will be legally obligated to live up to its requirements by
 Q4 2024.
Why is NIS1 expanding to NIS2?
• Cyber attacks are becoming more frequent and sophisticated
• Pressures to address multi-cloud IT environments
• Increasingly complex regulatory landscape
NIS2 vs. NIS1
• Stronger requirements and more affected sectors
• Focus on securing and business continuity. This includes supply chain security.
• Improving & streamlining the report obligations.
• Worse repercussions. Next to fines, NIS2 can lead to legal ramifications for management.
• Enforcement localized in all European member states
GDPR vs NIS2 | The Differences
The GDPR requires all organizations, whether within the EU or not, to protect the personal data of EU citizens.
The NIS2 directive requires sectors providing services of high criticality or critical services related to EU infrastructure to implement appropriate measures to minimize potential incidents, encompassing all aspects of security.
NIS2 affects various sectors, including…
On September 14, the European Commission published new guidelines explaining which sectors will be considered critical and what they should report to national authorities in the EU under the NIS2 directive.
Highly Critical Sectors: Energy, Transport, Banking, Space, Financial Market Infrastructure, Health Sector, Drinking Water, Public Admin., Wastewater, Digital Infrastructure, IT Service Management
Critical Sectors: Food, Waste Management, Chemicals, Postal And Courier Services, Manufacturing Of Medical Devices, Digital Providers, Research Organizations
Entity Categories vs Penalties
Essential Entity
Large companies that are part of the sectors of high criticality listed in Annex I of the Directive. A large entity is defined as a company with at least 250 employees.
Important Entity
Medium-sized enterprises operating in the sectors of high criticality of Annex I of the Directive, and large or medium-sized enterprises that do not fall into the essential entity category. A medium-sized enterprise is defined as one with at least 50 employees.
Failure to comply can result in:
• A fine of >10 million Euro or 2% of global annual turnover for essential entities, and >1.7 million Euro or 1.4% of global annual turnover for important entities
• Management can be held responsible for non-compliance with these obligations
NIS2 4 KEY OBJECTIVES
NIS2 Objectives
• Protecting Against Cyber Attacks
• Detecting Cyber Security Incidents
• Minimizing The Impacts of Cyber Security Incidents
• Managing Security Risks (External & Internal)
How to approach NIS 2?
Directive “NIS 2” on measures for a high common level of cybersecurity across the European Union…
… but, what measures exactly?
What does NIS2 mean for organizations?
Cybersecurity Risk Management Measures
• Risk Management
• Security Policies
• Incident handling (prevention, detection & response to incidents)
• Business continuity and crisis management
• Supply chain security: consider supplier vulnerabilities
• Vulnerability handling and disclosures
• Regular assessments to determine the effectiveness of cybersecurity risk management measures (e.g., reflection of the state of the art – security posture)
• The use of cryptography and encryption where warranted
• Basic cybersecurity hygiene & training
• The use of MFA or continuous authentication
Incident Reporting Obligations
Report incidents with significant* impact on the provision of services:
• Within 24 hours
• Within 72 hours: an extensive report
• Within 1 month: a final report or progress report
Recipients: Computer Security Incident Response Team (CSIRT), Competent Authority, Recipients of services
* An incident is significant if it has caused or is capable of causing severe operational disruption of the services or financial loss for the entity concerned, or if it has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage.
NIS 2.0 Top 10 Measures
A.   Policies on risk analysis and information system security
B.   Incident handling
C.   Business continuity, such as backup management and disaster recovery, and crisis management
D.   Supply chain security, including security-related aspects concerning the relationships between each entity
     and its direct suppliers or service providers
E.   Security in network and information systems acquisition, development and maintenance, including
     vulnerability handling and disclosure
F.   Policies and procedures to assess the effectiveness of cybersecurity risk-management measures
G.   Basic cyber hygiene practices and cybersecurity training
H.   Policies and procedures regarding the use of cryptography and, where appropriate, encryption
I.   Human resources security, access control policies and asset management
J.   The use of multi-factor authentication or continuous authentication solutions, secured voice, video and
     text communications and secured emergency communication systems within the entity, where appropriate.
NIS2 COMPLIANCE IS A ZERO TRUST JOURNEY
Mapping NIS 2.0 Duties to the Zero Trust Framework
Verify explicitly | Use least-privileged access | Assume breach
[Diagram: NIS2 measures (letters A to J from the Top 10 list) mapped to Zero Trust pillars]
• Governance: A & G
• Identities: I & J
• Devices: H & I
• Zero Trust policy: J
• Data: C & H
• Apps: G, H & J
• Infrastructure: D & H
• Network: E
• SIEM: B, E, F & G
NIS2 Measures matched with Microsoft Products
Common best practices that we have been preaching for years…
NIS Measure | Microsoft Products
A  Risk Analysis Policies | Microsoft 365 Defender Secure Score, Purview Compliance Manager, Purview Insider Risk Management
B  Incident Handling | Microsoft Defender, Microsoft Sentinel, Security Copilot
C  Business Continuity | Microsoft 365 Archiving, Microsoft 365 Backup, Microsoft Azure Backup, Azure Site Recovery
D  Supply Chain Security | Entra ID, Service Trust Portal, Granular Delegated Admin Privileges
E  Network Security | Cloud Security Posture Management (CSPM), Defender Vulnerability Management (DVM), Defender for IoT/OT
F  Cybersecurity Effectiveness Assessment | Microsoft Defender Secure Score, Cloud Secure Score, Purview Compliance Manager
G  Cybersecurity Training & Practices | Microsoft 365 Learn, Defender for Office 365 (attack simulation training), Defender Threat Intelligence
H  Encryption and Cryptography | Microsoft Purview Information Protection, Purview Data Lifecycle Management
I  Asset Management | Microsoft Entra Lifecycle Management, Microsoft Entra Access Reviews, Privileged Identity Management (PIM)
J  Multi-factor Authentication | Microsoft Entra Conditional Access, Microsoft Entra Risk Based Conditional Access,
https://www.itgovernance.co.uk/nis-regulations-cyber-assessment-framework
LET’S GO INTO SOME EXAMPLES…
 NIS2 COMPLIANCE IS A ZERO TRUST JOURNEY
Policies and procedures regarding the use of cryptography and, where
appropriate, encryption
Encryption is an important part of your file protection and information protection strategy. Encryption by itself doesn't
prevent content interception. Encryption is part of a larger information protection strategy for your organization. By
using encryption, you help ensure that only authorized parties can use the encrypted data.
   Purview Information Protection Sensitivity Labels
   Use Microsoft Purview Information Protection to help you discover, classify,
   and protect sensitive information with encryption wherever it lives or
   travels. Sensitivity labels let you classify and protect your organization's
   data at rest and in motion, while making sure that user productivity and
   their ability to collaborate isn't hindered.
   Data Lifecycle Management
   Microsoft Purview Data Lifecycle Management provides you with tools
   and capabilities to retain the content that you need to keep and
   delete the content that you don’t. Retaining and deleting content is
   often needed for compliance and regulatory requirements, but deleting
   content that no longer has business value also helps you manage risk
   and liability.
 NIS2 COMPLIANCE IS A ZERO TRUST JOURNEY
Incident handling
  Security incident handling is the process of identifying,
  managing, recording and analyzing security threats or
  incidents in real-time. It seeks to give a robust and
  comprehensive view of any security issues within an IT
  infrastructure.
    Incident handling with Microsoft Defender
    The standard Microsoft Defender security incident homepage
    allows staff to assign, label, classify and comment on the
    incidents.
    Incident handling with Microsoft Sentinel
    Microsoft Sentinel is the Microsoft SIEM (Security Information
    and Event Management) solution. Sentinel analyzes the
    signals from all different sources in the organization and
    allows for full incident and event management, creating
    and assigning tasks, activity logs, etc.
More information on Sentinel Incident handling
   NIS2 COMPLIANCE IS A ZERO TRUST JOURNEY
  Incident handling
       Security CoPilot
       Microsoft Security Copilot is an AI-powered security
       analysis tool that enables analysts to respond to threats
       quickly, process signals at machine speed, and assess risk
       exposure in minutes.
       Identify an ongoing attack, assess its scale, and get
       instructions to begin remediation based on proven tactics
       from real-world security incidents.
More information on Security Copilot
 NIS2 COMPLIANCE IS A ZERO TRUST JOURNEY
The use of multi-factor
authentication or continuous
authentication solutions
 Token interception through Adversary-in-the-Middle (AitM) attacks is
 the most common way to bypass MFA: the stolen token is replayed to
 gain full access. Microsoft Entra Authentication Strengths can help
 to mitigate these attacks.
  Microsoft Entra Authentication Strengths
  The new Entra Authentication Strengths (a feature of Microsoft
  Entra ID) allows you to specify which combination of
  authentication methods can be used to access a resource. For
  example, you can require phishing-resistant methods (FIDO2
  keys, Windows Hello, Smartcards) for sensitive resources.
  Enforce Authentication Strengths through CA
  You can use authentication strengths in conditional access policies to define
  a minimum level of authentication strength required for access, based on
  factors such as the user’s sign-in risk level, the sensitivity of the
  resource being accessed, the user’s location, and more
Get started with Entra ID
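As an added example (not code from the deck or from Microsoft), the Conditional Access configuration described above, written for the Microsoft Graph PowerShell SDK: it looks up the tenant's built-in "Phishing-resistant MFA" authentication strength and creates a report-only policy that requires it for sensitive applications. The application, pilot-group and break-glass account IDs are placeholders you must replace with values from your own tenant.

```powershell
# Added example, not from the original deck. Requires the Microsoft.Graph PowerShell SDK
# (module Microsoft.Graph.Identity.SignIns). Scopes: read policies, write CA policies.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Step 1: resolve the built-in phishing-resistant strength by name instead of
# hard-coding its ID, and show which method combinations it allows.
$strength = Get-MgPolicyAuthenticationStrengthPolicy |
    Where-Object { $_.DisplayName -eq "Phishing-resistant MFA" -and $_.PolicyType -eq "builtIn" }
if (-not $strength) { throw "Built-in 'Phishing-resistant MFA' strength not found in this tenant" }
$strength | Select-Object Id, DisplayName, AllowedCombinations | Format-List

# Step 2: placeholders (assumed values, replace with object IDs from your tenant).
$sensitiveAppIds = @("<APP-OBJECT-ID-PLACEHOLDER>")          # the sensitive resource(s)
$pilotGroupId    = "<PILOT-GROUP-ID-PLACEHOLDER>"            # roll out to a pilot group first
$breakGlassId    = "<BREAK-GLASS-ACCOUNT-ID-PLACEHOLDER>"    # always exclude emergency accounts

# Step 3: policy body. The policy starts in report-only mode so the sign-in logs
# show who would have been blocked before it is enforced. To trigger only on
# risky sign-ins (the slide's "sign-in risk level"), add
#   signInRiskLevels = @("medium", "high")
# under conditions; that option requires an Entra ID P2 licence.
$policy = @{
    displayName = "NIS2 measure J - phishing-resistant MFA for sensitive apps"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = $sensitiveAppIds }
        users          = @{
            includeGroups = @($pilotGroupId)
            excludeUsers  = @($breakGlassId)
        }
    }
    grantControls = @{
        operator               = "OR"
        authenticationStrength = @{ id = $strength.Id }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"
```

Review the report-only results in the sign-in logs before switching `state` to `enabled`; a user whose only registered method is SMS or an authenticator push would be blocked by this policy, which is the intended protection against token replay.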
Conclusions
• Significance of NIS2: NIS2 is an expansive and important regulation
  aimed at improving cybersecurity across multiple sectors. It’s aimed to
  address the complex security threat landscape organizations currently face
• Opportunity rather than a threat: NIS2 represents a great opportunity
  for organizations to strengthen their security posture and Microsoft Security
  portfolio can help address multiple NIS2 requirements
• Engage your local authorities to understand the transposition status of
  your specific country
• Leverage partner assessments (e.g. CSAT) to evaluate your current
  situation and plan next steps for NIS2 compliance (technology and
  processes)
 For additional NIS2 resources visit: https://aka.ms//NIS2-readiness
 (To log in, organizations need to be members of the cloud partner network)
Thanks
Appendix
Affected sectors full overview
A   NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Policies on risk analysis and information system security
        Explanation
        Effective security policies must be implemented consistently across the organization to protect information systems
        and customers. Security policies must also account for variations in business functions and information systems to be
        universally applicable.
        Zero Trust Framework
        Zero Trust architecture recommends continuous risk
        assessment in the digital world where attacks happen
        at cloud speed. Each request shall be intercepted and
        verified explicitly by analyzing signals on user,
        location, device compliance, data sensitivity, and
        application type.
B   NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Incident handling
    Security incident handling is the process of identifying,
    managing, recording and analyzing security threats or
    incidents in real-time. It seeks to give a robust and
    comprehensive view of any security issues within an IT
    infrastructure.
     Incident handling with Microsoft Defender
     The standard Microsoft Defender security incident homepage
     allows staff to assign, label, classify and comment on the
     incidents.
     Incident handling with Microsoft Sentinel
     Microsoft Sentinel is the Microsoft SIEM (Security Information
     and Event Management) solution. Sentinel analyzes the
     signals from all different sources in the organization and
     allows for full incident and event management, creating and
     assigning tasks, activity logs, etc.
More information on Sentinel Incident handling
B   NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Incident handling
    Security incident handling is the process of identifying,
    managing, recording and analyzing security threats or
    incidents in real-time. Leveraging AI solutions will enable
    organizations to shorten time needed to analyze data and
    logs as well as stop attacks based on ML patterns.
     Security CoPilot
     Microsoft Security Copilot is an AI-powered security analysis
     tool that enables analysts to respond to threats quickly,
     process signals at machine speed, and assess risk exposure in
     minutes.
     Identify an ongoing attack, assess its scale, and get
     instructions to begin remediation based on proven tactics
     from real-world security incidents.
More information on Security Copilot
C                          NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
                           Business continuity – Backup management (1)
                           Business continuity is the capability of your enterprise to stay online
                           and deliver products and services during disruptive events, such as
                           natural disasters, cyberattacks and communication failures.
                           Aspects of business continuity are Backup management, Disaster
                           recovery and Crisis management. We will cover each topic in a
                           separate slide, this is the slide on Microsoft 365 backup
                           management.
                            Microsoft 365 Backup
                            Microsoft 365 Backup is a feature that allows you to recover your
                            OneDrive, SharePoint, and Exchange data in case of data loss or
                            corruption. You can back up all or selected sites, accounts, and mailboxes in
                            your tenant, and restore them to a prior point in time. You can access
                            Microsoft 365 Backup directly in the Microsoft 365 admin center or
                            through a partner’s application built on top of the Backup APIs.
                            Microsoft 365 Archiving
                            Microsoft 365 Archive gives you a cold data storage tier that enables you to
                            keep inactive or aging data within SharePoint at a cost-effective price point
                            matching the value of that data’s lifecycle stage. Because the content is
                            archived in place, it retains Microsoft 365’s valuable security, compliance,
                            search, and rich metadata.
    More information on Microsoft 365 Backup & Archive
C     NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
     Business continuity – Backup management (2)
     Business continuity is the capability of your enterprise to stay online and
     deliver products and services during disruptive events, such as natural
     disasters, cyberattacks and communication failures.
     Aspects of business continuity are Backup management, Disaster recovery
     and Crisis management. We will cover each topic in a separate slide, this is
     the slide on Microsoft Azure backup management.
       Microsoft Azure Backup
       The Azure Backup service provides simple,
       secure, and cost-effective solutions to back
       up your data and recover it from the
       Microsoft Azure cloud.
       Azure Backup helps protect your critical
       business systems and backup data against a
       ransomware attack by implementing
       preventive measures and providing tools
       that protect your organization from every
       step that attackers take to infiltrate your
       systems. It provides security to your backup
       environment, both when your data is in
       transit and at rest.
    What is Microsoft Azure Backup?
C   NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Business continuity – Disaster Recovery
    Business continuity is the capability of your enterprise to stay online
    and deliver products and services during disruptive events, such as
    natural disasters, cyberattacks and communication failures.
    Aspects of business continuity are Backup management, Disaster
    recovery and Crisis management. We will cover each topic in a
    separate slide, this is the slide on Microsoft Disaster Recovery.
     Microsoft Azure Site Recovery
     Azure Site Recovery is a service that helps you keep your
     business running during IT outages. It allows you to replicate
     your workloads to Azure or another location, and fail over
     and recover them when needed. You can use it to protect
     Azure VMs, on-premises VMs, physical servers, and
     databases. Azure Site Recovery offers simple deployment and
     management, cost savings, reliable recovery, and security
     features.
More information on Microsoft Disaster Recovery
D   NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Supply chain security
    Digital supply chains are becoming more complex, more digital, and more
    interdependent, which means that any vulnerability or attack in one part of the
    supply chain can have a ripple effect on the entire chain. One example of this is
    how Microsoft is showcasing their compliance.
     Compliance (3rd party assurance/SOC statement)
     Learn how Microsoft cloud services protect your data, and
     how you can manage cloud data security and compliance for
     your organization.
     External Access (technology)
     Entra ID Connect is an on-premises Microsoft application
     that's designed to meet and accomplish your hybrid identity
     goals. Use Entra ID Connect to benefit from a modernized
     Active Directory and benefit from security features such as
     single sign on and conditional access policies.
Have a look at the Trust portal & get started with Entra ID
D    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Supply chain security
    Digital supply chains are becoming more complex, more digital, and
    more interdependent, which means that any vulnerability or attack
    in one part of the supply chain can have a ripple effect on the entire
    chain. One example of this is the way partners can access a
    customer tenant through their Partner center environment.
      DAP vs GDAP
      DAP (Delegated Admin Privileges) is the old way of granting
      partners access to customers’ tenants, which gives them too
      much power (Global Admin) and poses security risks.
      The new GDAP (Granular Delegated Admin Privileges) grants
      partners access to customers’ tenants, but only to the
      necessary roles and permissions, and only for a limited time.
      Customers should check if their partner tenant has access to
      their tenant leveraging GDAP instead of DAP to ensure that
      they have more control and visibility over their data and
      resources, and that they comply with the latest security best
      practices.
    More details on DAP vs GDAP
E    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Security in network and information systems
    acquisition, development and maintenance
    From acquisition to maintenance, ensuring network and information
    systems security is paramount. Ongoing maintenance demands
    constant monitoring, timely patches, and regular security
    assessments to safeguard data integrity and operational stability.
            Defender Vulnerability Management
            Defender Vulnerability Management (DVM) delivers asset visibility, intelligent
            assessments, and built-in remediation tools for Windows, macOS, Linux,
            Android, iOS, and network devices. Leveraging Microsoft threat intelligence,
            breach likelihood predictions, business contexts, and devices assessments,
            Defender Vulnerability Management rapidly and continuously prioritizes the
            biggest vulnerabilities on your most critical assets and provides security
            recommendations to mitigate risk.
           Cloud Security Posture Management
           Cloud Security Posture Management (CSPM) provides you with hardening guidance
           that helps you efficiently and effectively improve your security. CSPM also gives you
           visibility into your current security situation.
    Get started with DVM and CSPM
E    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Security in network and information systems acquisition, development and
    maintenance
    From acquisition to maintenance, ensuring network and information
    systems security is paramount. Ongoing maintenance demands
    constant monitoring, timely patches, and regular security
    assessments to safeguard data integrity and operational stability.
           Defender for IoT / OT
           Defender for IoT is a security solution that
           protects IoT and OT devices from physical and
           cyber threats. It provides asset discovery,
           vulnerability management, and threat detection
           for complex, digital, and interdependent
           environments. It also integrates with other
           security tools such as Sentinel, Splunk, and
           Defender for Endpoint.
    Get started with Defender for IoT
E    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Security in network and information systems acquisition, development
    and maintenance
    From acquisition to maintenance, ensuring network and information
    systems security is paramount. Ongoing maintenance demands
    constant monitoring, timely patches, and regular security
    assessments to safeguard data integrity and operational stability.
            Defender for DevOps
            Defender for DevOps uses a central console to empower
            security teams with the ability to protect applications and
            resources from code to cloud across multi-pipeline
            environments, such as GitHub and Azure DevOps. Findings
            from Defender for DevOps can then be correlated with other
            contextual cloud security insights to prioritize remediation in
            code.
    Get started with Defender for DevOps
F       NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Policies and procedures to assess the effectiveness of cybersecurity risk-
    management measures (1)
    Although there are many methods and frameworks for policies,
    procedures and assessing the effectiveness of cybersecurity risk-
    management measures, common steps are:
    •     Understand the security landscape of your organization,
          including its assets, systems, vendors, and regulations
    •     Identify gaps in your current cybersecurity controls, such as
          outdated software, weak passwords, or phishing vulnerabilities
    •     Create a team of qualified and experienced cybersecurity
          professionals who can monitor, respond, and improve your
          security posture
    •     Determine the informational value of your assets and prioritize
          them based on their importance and sensitivity
    •     Analyze and address the risks that pose the most threat to your
          assets, using tools such as penetration testing, risk scoring, and
          mitigation strategies
    More information on Zero Trust
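    The assessment steps above (inventory the assets, value them, find the control gaps, rank the risks) are easier to apply consistently when the scoring is written down. The following is an added example, not part of the original deck or of any Microsoft product: a small, deterministic risk-scoring routine over a constructed asset inventory. The asset names, the informational values, the gap likelihood weights and the exposure multiplier are all assumptions chosen for illustration, not a published scale.

```python
"""Added example (not from the original deck): score and rank asset risk from
informational value and the control gaps found, so remediation effort goes to
the most critical assets first. All sample data and weights are constructed."""
from dataclasses import dataclass, field

# Likelihood that a given control gap is exploited within the review period.
# These weights are assumptions for illustration, not a published scale.
GAP_LIKELIHOOD = {
    "outdated_software": 0.6,
    "weak_password": 0.5,
    "phishing_exposure": 0.4,
    "missing_mfa": 0.7,
}


@dataclass
class Asset:
    name: str
    value: int               # informational value, 1 (low) .. 5 (crown jewel)
    internet_facing: bool    # reachable from the internet (raises exposure)
    gaps: list = field(default_factory=list)


def risk_score(asset: Asset) -> float:
    """Risk = value x likelihood x exposure.

    Gaps are treated as independent, so the chance that at least one is
    exploited is 1 - prod(1 - p_i). Internet-facing assets get a 1.5x
    exposure multiplier (assumption)."""
    if not asset.gaps:
        return 0.0
    p_safe = 1.0
    for gap in asset.gaps:
        p_safe *= 1.0 - GAP_LIKELIHOOD[gap]   # KeyError on an unknown gap is intended
    likelihood = 1.0 - p_safe
    exposure = 1.5 if asset.internet_facing else 1.0
    return round(asset.value * likelihood * exposure, 3)


def prioritize(assets):
    """Return (asset name, score, gaps) tuples, highest risk first; ties by name."""
    ranked = sorted(assets, key=lambda a: (-risk_score(a), a.name))
    return [(a.name, risk_score(a), list(a.gaps)) for a in ranked]


# Constructed sample inventory (names and values are made up).
SAMPLE_ASSETS = [
    Asset("hr-payroll-db", 5, False, ["outdated_software", "weak_password"]),
    Asset("public-web", 3, True, ["outdated_software"]),
    Asset("intranet-wiki", 2, False, ["phishing_exposure"]),
    Asset("build-server", 4, False, []),
    Asset("vpn-gateway", 4, True, ["missing_mfa"]),
]

if __name__ == "__main__":
    for name, score, gaps in prioritize(SAMPLE_ASSETS):
        print(f"{score:6.3f}  {name:15s}  {', '.join(gaps) or '-'}")
```

Run as written it prints the ranked list; the point is that an asset with a lower informational value (the internet-facing VPN gateway) can outrank the crown-jewel database once exposure and the kind of gap are taken into account, which is what "prioritize based on importance and sensitivity" looks like in practice.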
F    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Policies and procedures to assess the effectiveness of cybersecurity risk-
    management measures (2)
    This slide focuses on how you can understand the security
    landscape of your organization. Microsoft Secure Score helps
    organizations by reporting on the current state of the organization's
    security posture, by improving that posture through discoverability,
    visibility, guidance, and control, and by comparing it with
    benchmarks to establish key performance indicators (KPIs).
      Microsoft Defender Secure Score
      The Microsoft Defender Secure Score is applicable for Microsoft SaaS
      workloads, such as Microsoft 365, Identity, Devices and Apps. It
      evaluates your configuration settings and behaviors and gives you a
      score based on the alignment with security standards.
      Microsoft Defender for Cloud Secure Score
      The Microsoft Defender for Cloud Secure Score applies to PaaS,
      IaaS, hybrid and multi-cloud workloads. It assesses your cross-
      cloud resources for security issues and gives you a score based on
      the implementation of best practices. Defender for Cloud can
      provide recommendations for Microsoft Azure, Amazon Web
      Services, Google Cloud Suite, etc.
    More information on Secure Score
F    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Policies and procedures to assess the effectiveness of
    cybersecurity risk-management measures (3)
    This slide focuses on how you can identify gaps in your current
    cybersecurity controls, such as outdated software, weak passwords,
    or phishing vulnerabilities.
    Microsoft Defender Exposure Score
    Microsoft Defender exposure score is a metric that reflects how
    vulnerable your organization is to cybersecurity threats. Your exposure
    score is influenced by factors such as weaknesses, threats and security
    alerts on your devices.
    Microsoft Defender for Identity
    Defender for Identity can detect accounts with insecure attributes
    that expose a security risk, such as PasswordNotRequired. It can
    also detect weak cipher usage on devices and accounts, such as
    RC4 or DES. Additionally, it can alert you to credential access
    attempts by malicious actors.
    Compliance manager
    Compliance score measures progress towards completing
    recommended actions that help reduce risks around data
    protection and regulatory standards.
    More information on Compliance Manager
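    The two account weaknesses the slide names for Defender for Identity, accounts that do not require a password and accounts limited to weak Kerberos ciphers, are both visible in plain Active Directory attributes. The following is an added example, not part of the deck and not Defender for Identity's own logic: a defender-side check over a constructed export of account records that flags them. The bit masks are the documented values of userAccountControl and msDS-SupportedEncryptionTypes; the account names and attribute values are sample data.

```python
"""Added example (not from the original deck): flag AD accounts with
PasswordNotRequired set and accounts or computers whose Kerberos encryption
types allow only RC4/DES. Records are a constructed sample export."""

# userAccountControl bits (documented Active Directory values).
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000
DONT_REQ_PREAUTH = 0x400000

# msDS-SupportedEncryptionTypes bits (documented Active Directory values).
DES_CBC_CRC = 0x01
DES_CBC_MD5 = 0x02
RC4_HMAC = 0x04
AES128_CTS_HMAC_SHA1 = 0x08
AES256_CTS_HMAC_SHA1 = 0x10
WEAK_ETYPES = DES_CBC_CRC | DES_CBC_MD5 | RC4_HMAC
STRONG_ETYPES = AES128_CTS_HMAC_SHA1 | AES256_CTS_HMAC_SHA1


def account_findings(record: dict) -> list:
    """Return the finding codes for one account record (empty list if clean)."""
    findings = []
    uac = record.get("userAccountControl", 0)
    if uac & PASSWD_NOTREQD:
        findings.append("PasswordNotRequired")
    if uac & DONT_EXPIRE_PASSWORD:
        findings.append("PasswordNeverExpires")
    if uac & DONT_REQ_PREAUTH:
        findings.append("KerberosPreAuthDisabled")

    etypes = record.get("msDS-SupportedEncryptionTypes")
    if etypes is None or etypes == 0:
        # Attribute unset: the domain default applies, and on older domains that
        # default still includes RC4, so surface it for review instead of assuming.
        findings.append("EncryptionTypesUnset")
    elif etypes & WEAK_ETYPES and not etypes & STRONG_ETYPES:
        findings.append("WeakCipherOnly")       # RC4/DES with no AES fallback
    elif etypes & WEAK_ETYPES:
        findings.append("WeakCipherAllowed")    # AES present but RC4/DES still enabled
    return findings


def scan(records):
    """Map sAMAccountName -> findings, only for accounts with at least one."""
    result = {}
    for rec in records:
        found = account_findings(rec)
        if found:
            result[rec["sAMAccountName"]] = found
    return result


# Constructed sample export, shaped like a directory dump tool's output.
SAMPLE_RECORDS = [
    # service account: normal account + password not required + never expires, RC4 only
    {"sAMAccountName": "svc-backup", "userAccountControl": 0x10220,
     "msDS-SupportedEncryptionTypes": 0x04},
    # ordinary user with AES only
    {"sAMAccountName": "j.doe", "userAccountControl": 0x200,
     "msDS-SupportedEncryptionTypes": 0x18},
    # application account that still allows RC4 beside AES
    {"sAMAccountName": "legacy-app", "userAccountControl": 0x200,
     "msDS-SupportedEncryptionTypes": 0x1C},
    # workstation trust account with the attribute unset
    {"sAMAccountName": "PRINTSRV01$", "userAccountControl": 0x1000},
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_RECORDS).items():
        print(f"{name}: {', '.join(findings)}")
```

The check is deliberately conservative about an unset encryption-type attribute: whether that resolves to RC4 or AES depends on the domain controllers' configuration, so it is reported for review rather than silently classified.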
G    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Basic cyber hygiene practices and
    cybersecurity training (1)
    Cybersecurity training is the process of educating yourself and
    others about the risks and best practices of cyber hygiene.
    Training can help you develop the skills and knowledge to
    protect yourself and your organization from cyber threats.
      Microsoft 365 Learn
      Microsoft Learn offers learning paths for Microsoft 365, Security and
      Microsoft Teams, as well as virtual training days and a community to
      connect with other learners and professionals. Microsoft Support
      provides video training, templates, quick starts, cheat sheets,
      infographics, and more for Microsoft 365.
      Defender for Office 365
      One of the key features of Defender for Office 365 is Attack
      simulation training, which allows you to run realistic attack scenarios
      in your organization and identify vulnerable users. By using Attack
      simulation training, you can educate your users on how to recognize
      and report phishing, malware, and ransomware attacks, and improve
      their security awareness and behavior.
    Get started with Microsoft Learn
G    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Basic cyber hygiene practices and
    cybersecurity training (2)
    Cybersecurity training is the process of educating yourself and
    others about the risks and best practices of cyber hygiene.
    Training can help you develop the skills and knowledge to
    protect yourself and your organization from cyber threats.
      Your cybersecurity weather forecast
      Defender Threat Intelligence
      Microsoft Defender Threat Intelligence (Defender TI) is a
      platform that streamlines triage, incident response, threat
      hunting, vulnerability management, and cyber threat
      intelligence analyst workflows when conducting threat
      infrastructure analysis and gathering threat intelligence.
      Analysts spend a significant amount of time on data
      discovery, collection, and parsing, instead of focusing on
      what actually helps their organization defend itself:
      deriving insights about the actors through analysis and
      correlation.
    Get started with Defender TI
H    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Policies and procedures regarding the use of cryptography and, where
    appropriate, encryption
    Encryption is an important part of your file protection and information protection strategy. Encryption by itself doesn't
    prevent content interception. Encryption is part of a larger information protection strategy for your organization. By
    using encryption, you help ensure that only authorized parties can use the encrypted data.
       Purview Information Protection Sensitivity Labels
       Microsoft Purview Information Protection helps you discover, classify,
       and protect sensitive information with encryption wherever it lives or
       travels. Sensitivity labels let you classify and protect your
       organization's data at rest and in motion, while making sure that user
       productivity and their ability to collaborate isn't hindered.
       Data Lifecycle Management
       Microsoft Purview Data Lifecycle Management provides you with tools
       and capabilities to retain the content that you need to keep and delete
       the content that you don’t. Retaining and deleting content is often
       needed for compliance and regulatory requirements, but deleting
       content that no longer has business value also helps you manage risk
       and liability.
H                     NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
         Policies and procedures regarding the use of cryptography and, where
         appropriate, encryption
    Get started with Purview Information Protection
H    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Policies and procedures regarding the use of cryptography and, where
    appropriate, encryption
    ENCRYPTION SETTINGS IN A MICROSOFT AZURE STORAGE ACCOUNT (screenshot)
    ENFORCING HARD DISK DRIVE ENCRYPTION THROUGH DEVICE POLICIES (screenshot)
H      NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
      Policies and procedures regarding the use of cryptography and, where
      appropriate, encryption
    MICROSOFT AZURE KEY VAULT FOR MANAGED HSM (screenshot)
    DATA ENCRYPTION AT REST (screenshot)
    Get started with Azure Key Vault
    Get started with Encryption at Rest
I    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Human resources security, access control policies and asset management (1)
    Microsoft Entra ID Governance allows you to balance your
    organization's need for security and employee productivity
    with the right processes and visibility. It provides you with
    capabilities to ensure that the right people have the right
    access to the right resources.
      Microsoft Entra Lifecycle Management
      Entra lifecycle management is a feature of Microsoft Entra
      ID Governance that helps you manage users by
      automating their joiner, mover, and leaver processes.
      You can create and manage workflows that consist of
      tasks and execution conditions to perform actions on
      users based on their attributes, group memberships, or
      status changes.
      Lifecycle workflows can also call Logic Apps tasks to extend a
      workflow for more complex scenarios that require integration
      with existing systems and procedures.
    What are Microsoft Entra lifecycle workflows?
I    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Human resources security, access control policies and asset management (2)
    With the new Entra ID Governance features
    organizations have more control over standard
    procedures as well as timed access reviews.
      Microsoft Entra Entitlement Management
      Also a feature of Microsoft Entra ID Governance, Microsoft
      Entra Entitlement Management enables organizations to manage
      the identity and access lifecycle at scale by automating access
      request workflows, access assignments, reviews, and expiration.
      It can help you more efficiently manage access to
      groups, applications, and SharePoint Online sites for
      internal users, and also for users outside your
      organization who need access to those resources.
      It also provides comprehensive visibility and control
      over permissions for any identity and any resource in
      Microsoft Azure, Amazon Web Services (AWS) and
      Google Cloud Platform (GCP).
    What is Microsoft Entra entitlement manager?
I    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Human resources security, access control policies and asset management (2)
    With the new Entra ID (Azure Active Directory) Governance features
    organizations have more control over standard procedures as well
    as timed access reviews.
      Microsoft Entra Access Reviews
      Also a feature of Microsoft Entra ID Governance, Microsoft
      Entra access reviews help you manage access to your
      resources, such as groups and applications, by reviewing it
      regularly. You can create and perform access reviews for users or
      guests, and ask them or a decision maker to confirm or revoke
      their access based on their needs. You can also use access reviews
      to comply with policies, audit requirements, or security best
      practices.
    What are Microsoft Entra Access Reviews?
I    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    Human resources security, access control policies and asset management
    Microsoft Conditional access and Microsoft Privileged Identity Management help organizations to limit access to
    administrative roles until that access is needed and only when conditions are met.
       Privileged Identity Management
       Privileged Identity Management (PIM) is a service in
       Microsoft Entra ID that enables you to manage, control, and
       monitor access to important resources in your organization
       (Microsoft Entra ID, Azure, Microsoft 365 and other
       Microsoft Online Services).
       It provides time-based and approval-based role activation to
       mitigate the risks of excessive, unnecessary, or misused
       access permissions on resources that you care about.
Get started with Privileged Identity Management
J    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
    The use of multi-factor
    authentication or continuous
    authentication solutions
    Token interception through adversary-in-the-middle (AiTM)
    attacks is the most common way to bypass MFA: the captured
    token is replayed to gain full access. Microsoft Entra
    Authentication Strengths can help to mitigate these attacks.
      Microsoft Entra Authentication Strengths
      The new Entra Authentication Strengths feature (part of Microsoft
      Entra ID) lets you specify which combinations of
      authentication methods can be used to access a resource. For
      example, you can require phishing-resistant methods (FIDO2
      keys, Windows Hello, smart cards) for sensitive resources.
      Enforce Authentication Strengths through CA
      You can use authentication strengths in Conditional Access policies to define
      the minimum level of authentication strength required for access, based on
      factors such as the user’s sign-in risk level, the sensitivity of the resource
      being accessed, the user’s location, and more.
    Get started with Entra ID
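    What an authentication strength adds to a Conditional Access policy is a rule over combinations of methods rather than a single "MFA yes/no" switch. The following is an added example, not Microsoft's code and not the product's built-in definitions: a toy evaluator that picks the required strength from the sign-in risk and the resource sensitivity, then allows the sign-in only if the methods actually used contain one of the combinations that strength permits. The method labels, the three tiers and the risk-to-strength mapping are assumptions modelled on the slide text.

```python
"""Added example (not from the original deck): evaluate whether a sign-in's
authentication methods satisfy the strength a policy requires. The tiers and
combinations below are illustrative assumptions, not Entra's definitions."""

# Individual method labels (assumed names).
PASSWORD, SMS, AUTHENTICATOR_PUSH, TOTP = "password", "sms", "authenticator_push", "totp"
FIDO2, WINDOWS_HELLO, SMARTCARD = "fido2", "windows_hello", "smartcard"

PHISHING_RESISTANT = {FIDO2, WINDOWS_HELLO, SMARTCARD}
SECOND_FACTORS = {SMS, AUTHENTICATOR_PUSH, TOTP}

# Each strength is a set of allowed method combinations (frozensets).
STRENGTHS = {
    # any phishing-resistant method on its own satisfies the top tier
    "phishing_resistant_mfa": {frozenset([m]) for m in PHISHING_RESISTANT},
    # MFA: phishing-resistant, or password plus a conventional second factor
    "mfa": {frozenset([m]) for m in PHISHING_RESISTANT}
           | {frozenset([PASSWORD, f]) for f in SECOND_FACTORS},
    "single_factor": {frozenset([PASSWORD])},
}
# Anything that meets the MFA tier also meets the single-factor tier.
STRENGTHS["single_factor"] |= STRENGTHS["mfa"]


def required_strength(resource_sensitivity: str, sign_in_risk: str) -> str:
    """Policy decision from the slide: risk level and resource sensitivity
    select the minimum strength. The mapping is an assumption."""
    if resource_sensitivity == "high" or sign_in_risk == "high":
        return "phishing_resistant_mfa"
    if sign_in_risk == "medium":
        return "mfa"
    return "single_factor"


def satisfies(methods_used, strength: str) -> bool:
    """True if the methods used contain at least one allowed combination."""
    used = frozenset(methods_used)
    return any(combo <= used for combo in STRENGTHS[strength])


def evaluate(methods_used, resource_sensitivity: str, sign_in_risk: str):
    """Return (decision, required strength). 'step_up' means the user must
    re-authenticate with a stronger method before access is granted."""
    strength = required_strength(resource_sensitivity, sign_in_risk)
    decision = "allow" if satisfies(methods_used, strength) else "step_up"
    return decision, strength


if __name__ == "__main__":
    # Constructed sign-in scenarios.
    for methods, sensitivity, risk in [
        ([PASSWORD, SMS], "low", "low"),
        ([PASSWORD, SMS], "low", "medium"),
        ([PASSWORD, SMS], "high", "low"),
        ([FIDO2], "high", "high"),
    ]:
        print(methods, sensitivity, risk, "->", evaluate(methods, sensitivity, risk))
```

Note how the third scenario behaves: password plus SMS is a valid MFA combination, yet it is refused for a sensitive resource because the required tier only lists phishing-resistant methods. That is the property the slide relies on, since a replayed token from an AiTM proxy would have been minted from exactly that kind of phishable combination.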
J    NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
     The use of multi-factor authentication or continuous authentication solutions,
     secured voice, video and text communications and secured emergency
     communication systems within the entity
    Get started with Conditional Access
J   NIS 2 COMPLIANCE IS A ZERO TRUST JOURNEY
     The use of multi-factor authentication or continuous authentication solutions,
     secured voice, video and text communications and secured emergency
     communication systems within the entity
        Teams Premium
        Microsoft Teams Premium is an enhanced version of
        the popular collaboration platform, Microsoft Teams.
        It offers advanced communication tools, improved
        security, seamless integration with Microsoft 365
        apps, increased storage, and priority support.
        Customers should use it for boosted productivity,
        enhanced security, and tailored collaboration
        solutions to fit their specific needs.
    Get started with Teams Premium
NIS2 WITH THE CSAT
Start working on NIS2 today!
              Ella Gud
              Global Partner Manager
              ellag@qssolutions.nl
              linkedin.com/in/ella-gud/
      CYBERSECURITY ASSESSMENTS
              WITH CSAT
               Holistic view of the cybersecurity position together with fact-based
               recommendations based on an internationally recognized cybersecurity framework.
               CSAT collects and analyzes data from the hybrid IT environment in a short period of
               time to provide data-driven recommendations.
 • Company score based on CIS controls v8
 • Mapping to NIS 2.0 European guidelines
 • Migration plans to improve cybersecurity based on Zero Trust Architecture
 • Copilot Readiness
 • Urgent Action Items and Quick Wins
 • Risk-based action plan with improvement actions
 • Total Cost of Ownership for Security
 • Reports for both IT and Business Management
CISV8 MATURITY SCORES BACKED
UP BY UNDISPUTABLE DATA
VALUE FOR YOU
 • Smart and justified investments in security which are focused on exact weaknesses of the organization and potential threats
 • Alignment between IT/Security and Business Management
 • Full awareness of current security status and control over the weak areas
 • Saves time, effort and budget by focusing on what is urgent and relevant
 • Proof of the security progress and work towards compliance
 • Become cyber resilient while saving cost
IT’S TIME TO PREPARE
 European Directive Announced: November 2022 (NIS 2 announced)
 Time to implement: June 2024 (4 months to implement)
 Legislation in force: 17 October 2024 (duty to report & duty to care)
NIS 2.0 DIRECTIVE ARTICLE 21, CHAPTER 2 (PAGE 48)
 2.
 The measures referred to in paragraph 1 shall be based on an all-hazards approach that aims to protect network and information systems and the physical
 environment of those systems from incidents, and shall include at least the following:
 (a) policies on risk analysis and information system security;
 (b) incident handling;
 (c) business continuity, such as backup management and disaster recovery, and crisis management;
 (d) supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
 (e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
 (f) policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
 (g) basic cyber hygiene practices and cybersecurity training;
 (h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;
 (i) human resources security, access control policies and asset management;
 (j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.
                                         DATA COLLECTION
 Diagram (figure): data is collected from the customer’s hybrid IT environment (Azure, Microsoft 365,
 workstations and servers, local Active Directory, SharePoint on-premises, email DNS) and from the
 IT & security policies and procedures; data analysis, a questionnaire and recommendations feed
 IT & CISO tailored reports (a Power BI dashboard with a detailed view on data and advice) and
 Business Management tailored reports (a management presentation or Power BI report including a roadmap).
STEPS OF THE CYBERSECURITY ASSESSMENT
TIME INVESTMENT FROM CUSTOMER’S IT RESOURCES
ALSO CYBERSECURITY SELF-ASSESSMENT
 ALSO’s Free Cybersecurity Self-Assessment
   https://cloud.also.mp/also-security-assessment-customer/
ALSO QS CSAT OFFER
 CSAT Full Scan offer for end-customers delivered by ALSO
  •   For end customers with organizations of 250+ seats
  •   CSAT Full Scan is free of charge for all end customers approved by central team – please leave data so we can get in contact
  •   Cybersecurity consulting
  •   CSAT Full Scan is NIS 2.0 compliant
LET’S CONNECT
• Please take a survey and leave your contact data so we can get in contact to provide you all the
  details on offers and proposed next steps:
  •   To have a more secure company environment and get actionable insights on Secure Score
  •   NIS2 compliant support using CSAT
                                   https://forms.office.com/e/BNdzRZnGn2
THANK YOU