{"id":13072,"date":"2024-10-09T15:34:55","date_gmt":"2024-10-09T13:34:55","guid":{"rendered":"https:\/\/www.fluentis.com\/?p=13072"},"modified":"2024-12-19T17:07:05","modified_gmt":"2024-12-19T16:07:05","slug":"directiva-nis2-ce-este-si-care-sunt-implicatiile-pentru-companii","status":"publish","type":"post","link":"https:\/\/www.fluentis.com\/ro\/blog\/directiva-nis2-ce-este-si-care-sunt-implicatiile-pentru-companii\/","title":{"rendered":"NIS2 Directive: what it is and what the implications are for companies"},"content":{"rendered":"\n<p>The European NIS2 Directive (Network and Information Security 2), which enters into force on 17 October 2024, is an update of the previous NIS Directive (from 2016) and introduces stricter cybersecurity measures for critical infrastructure and essential services in Europe.<br>Its aim is to ensure greater resilience and protection against cyber threats by improving the security of the networks and information systems used by sectors considered vital to the functioning of European society and the European economy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Application<\/h3>\n\n\n\n<p>Small enterprises are generally excluded, except for those that carry out activities considered of particular importance to society. These will be required to meet stricter security requirements, implement advanced monitoring measures and comply with rigorous reporting obligations.<\/p>\n\n\n\n<p>It is important to stress that NIS2 is not limited to classifying organisations or service providers as essential or important; it also covers the entire supply chain, considerably widening the scope of application.<br>For example, an IT company that supplies hardware or software to a customer who uses these products to deliver an essential service automatically falls within the scope of the directive.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Essential sectors<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Energy:<\/strong> electricity, heating, oil, gas, hydrogen.<\/li>\n\n\n\n<li><strong>Transport:<\/strong> air, rail, water, road.<\/li>\n\n\n\n<li><strong>Banking.<\/strong><\/li>\n\n\n\n<li><strong>Financial market infrastructures.<\/strong><\/li>\n\n\n\n<li><strong>Health:<\/strong> healthcare providers, laboratories, research and development, pharmaceutical companies, manufacturers of critical medical devices.<\/li>\n\n\n\n<li><strong>Drinking water.<\/strong><\/li>\n\n\n\n<li><strong>Waste water.<\/strong><\/li>\n\n\n\n<li><strong>Digital infrastructure:<\/strong> providers of internet exchange points, DNS services, cloud, data centres, public communications networks, publicly available electronic services.<\/li>\n\n\n\n<li><strong>Business-to-business ICT service management:<\/strong> providers of managed services and security services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Important sectors<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Postal and courier services.<\/li>\n\n\n\n<li>Waste management.<\/li>\n\n\n\n<li>Manufacture, production and distribution of chemicals.<\/li>\n\n\n\n<li>Production, processing and distribution of food.<\/li>\n\n\n\n<li>Manufacturing (medical devices, electronics, electrical equipment, vehicles and other means of transport).<\/li>\n\n\n\n<li>Digital service providers (e-commerce, search engines, social networks).<\/li>\n\n\n\n<li>Research.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Impact of NIS2 on companies<\/strong><\/h3>\n\n\n\n<p>NIS2 has significant implications, especially for public and private companies in critical sectors, but also for related ones, particularly if they produce components, software or services that support critical infrastructure or are part of supply chains.<\/p>\n\n\n\n<p>Advanced security measures are required, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Vulnerability management.<\/strong><\/li>\n\n\n\n<li><strong>Data protection.<\/strong><\/li>\n\n\n\n<li><strong>Stricter control over access to systems.<\/strong><\/li>\n<\/ul>\n\n\n\n<p>This requires a rethink of cybersecurity policies, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Risk assessment:<\/strong> Identifying potential threats and vulnerabilities in IT\/OT systems.<\/li>\n\n\n\n<li><strong>Crisis management plans:<\/strong> Developing strategies for incident response, rapid recovery and communication of breaches.<\/li>\n\n\n\n<li><strong>Extended compliance:<\/strong> Ensuring internal compliance and the compliance of suppliers and partners.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Penalties and responsibilities<\/strong><\/h3>\n\n\n\n<p>NIS2 introduces a system of penalties for companies that fail to comply, including significant fines based on annual turnover.<br>Management responsibility is also strengthened: management is required to oversee the implementation of security measures, which makes compliance an obligation at the level of the entire management.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Recommended actions<\/strong><\/h3>\n\n\n\n<p>The companies concerned should immediately begin an assessment of their compliance status and adopt the following measures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mapping critical processes and infrastructure:<\/strong> Identifying the systems that fall within the scope of the NIS2 Directive.<\/li>\n\n\n\n<li><strong>Staff training:<\/strong> Raising staff awareness of and preparedness for cybersecurity.<\/li>\n\n\n\n<li><strong>Collaboration with partners and suppliers:<\/strong> Ensuring the compliance of the entire supply chain, since a vulnerability at one supplier can compromise the entire network.<\/li>\n<\/ul>\n\n\n\n<p>NIS2 represents a significant change in Europe's cybersecurity landscape, and companies must take these requirements into account to avoid penalties and protect their essential infrastructure.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The objective of NIS2 is to ensure greater resilience and protection against cyber threats in sectors considered vital to the functioning of European society and the European economy.<\/p>\n","protected":false},"author":22,"featured_media":12527,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[43],"tags":[],"class_list":["post-13072","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-stiri-din-lume"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/posts\/13072","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/comments?post=13072"}],"version-history":[{"count":4,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/posts\/13072\/revisions"}],"predecessor-version":[{"id":13078,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/posts\/13072\/revisions\/13078"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/media\/12527"}],"wp:attachment":[{"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/media?parent=13072"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/categories?post=13072"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fluentis.com\/ro\/wp-json\/wp\/v2\/tags?post=13072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}