Cyber security: the NIS Directive at national level


On 18 May 2018, through legislative decree n. 65, Italy implemented the NIS Directive (Directive 2016/1148 on the security of networks and information systems), which came into force the following June.
This Directive represents a further tool for managing cyber security at a national level. In fact, it contains guidelines for risk management and the prevention, mitigation and notification of IT incidents.

The sectors that fall within the scope of application of the NIS decree coincide with those envisaged by the Directive: energy, transport, banking, financial markets, healthcare, supply and distribution of drinking water, digital infrastructures, search engines, cloud services and e-commerce platforms. An entity is classified as an operator of essential services (so-called OSE) when:

  • it provides an essential service for the maintenance of economic/social activities;
  • the provision of the service in question depends on network and information systems;
  • a cyber incident would have a negative impact on the provision of the service.

The legislation requires these operators to adopt technical and organizational measures that are adequate:

  • to manage the risks related to the security of the network and the information systems used;
  • to prevent and contain the impact of incidents that jeopardize the security of the network and information systems.

Consistent with the provisions of the Directive, the adoption of a national cyber security strategy was also envisaged. This strategy must establish the measures for preparedness, response and recovery of services following cyber incidents, the definition of a cyber risk assessment plan, and training and awareness programs on cyber security, as well as a risk assessment and research and development plan on cybersecurity.

Regarding the authorities responsible for implementing and supervising the NIS legislation, five different ministries have been designated as competent authorities: economic development, economy and finance, health, environment, infrastructure and transport.
The DIS (Security Information Department), established in August 2007 to coordinate the programming and operational activities of AISE (External Information and Security Agency) and AISI (Internal Security and Information Agency), acts instead as the single point of liaison and coordination with the EU and the competent authorities in relation to cybersecurity activities in the other Member States.
