
Objective D: Minimising the impact of cyber security incidents
Principles under this Objective D1. Response and recovery planning Putting suitable incident management...

The principles of supply chain security
Introduction The guidance will provide organisations with an improved awareness of supply chain...

C1. Security monitoring
Principle The organisation monitors the security status of the networks and systems supporting...

Objective C: Detecting cyber security events
Principles under this Objective C1. Security Monitoring Monitoring to detect potential security problems...

B2. Identity and access control
Principle The organisation understands, documents and manages access to systems and functions supporting...

A1. Governance
Principle The organisation has appropriate management policies and processes in place to govern...

Objective B: Protecting against cyber attack
Principles under this Objective B1. Service protection policies and processes Defining and communicating...

NIS Directive: Top-level objectives
Introduction The implementation of Article 14 of the NIS Directive is described via...

Supply chain security collection
Proposing a series of 12 principles, designed to help you establish effective control and...

III. Check your arrangements
10. Build assurance activities into your supply chain management Require those suppliers who...

Objective A. Managing security risk
Principles under this Objective A1. Governance Putting in place the policies and processes...

IV. Continuous improvement
11. Encourage the continuous improvement of security within your supply chain Encourage your...

B1. Service protection policies and processes
Principle The organisation defines, implements, communicates and enforces appropriate policies and processes that...

Introduction to the NIS Directive
General Introduction What does the NIS Directive cover and when will it...

D1. Response and recovery planning
Principle There are well-defined and tested incident management processes in place, that aim...

A4. Supply chain
Principle The organisation understands and manages security risks to networks and information systems...

Supply chain security: 12 Principles infographic
This guidance has been produced to help organisations gain and maintain control of...

D2. Lessons learned
Principle When an incident occurs, steps must be taken to understand its root...

Assessing supply chain management practice
Good Bad Develop partnerships with your suppliers. If your suppliers adopt your approach...

B5. Resilient networks and systems
Principle The organisation builds resilience against cyber-attack and system failure into the design,...

I. Understand the risks
Until you have a clear picture of you supply chain, it will be...

A3. Asset management
Principle Everything required to deliver, maintain or support networks and information systems for...

A2. Risk management
Principle The organisation takes appropriate steps to identify, assess and understand security risks...

II. Establish control
Once you gain better control of your supply chain you will be able...

Assessing supply chain security
The idea is to give you some concrete examples of good and bad...

The NIS Guidance Collection
Introduction The EU Directive on the security of network and information systems (NIS)...

Example supply chain attacks
Outlined below are examples of supply chain attacks that illustrate the challenges organisations face. Attacks...

B4. System security
Principle Network and information systems and technology critical for the delivery of essential...

C2. Proactive security event discovery
Principle The organisation detects, within networks and information systems, malicious activity affecting, or...

Lenovo Fixes Hardcoded Password Flaw Impacting ThinkPad Fingerprint Scanners
Lenovo said nearly a dozen ThinkPad and ThinkCentre laptops contain a hardcoded password...