Regulatory Frameworks NIS, PSD2 and GDPR in Practice

The Directive on Security of Network and Information Systems (NIS Directive) aims to achieve a high common level of network and information systems security across the European Union. NIS will improve cyber security capabilities at the national level; increase cooperation on cyber security among EU member states; and introduce security measures & incident reporting obligations for operators of essential services (OESs) in critical national infrastructure and digital service providers (DSPs). In addition to this, financial institutes [being one of these OESs ] are subjected to the revised Payment Services Directive, effective from 13 January 2018. The PSD2 aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce the risk of fraud. This will include a special afternoon programme for practical experiences and strategic updates on GDPR to support the last mile to May 25th. You are invited to join LSEC & the Cyber Security Coalition and dive deeper into these Directives that have a huge impact on Member State Governments, Critical Infrastructure Operators and suppliers of Cyber Security Products & Services. The registration is now open exclusively to Community Members from LSEC and the Cyber Security Coalition

Session Materials:

Materials are now available for download. Attending to the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to Payloadz.com and be asked to pay for 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a downloadlink to download the .zip with all materials. 

Agenda:

• 08.00 Registration & Welcome Coffee
• 09.00 Cyber Security Coalition AGM (for Cyber Security Coalition Members only)
• 09.30 Welcome Notes by CSC & LSEC , Jan De Blauwe Chairman Cyber Security Coalition & Ulrich Seldeslachts, executive director of LSEC.eu
• 09.40 Overview of the actual Cyber Threats and Threat Actors, currently faced by Operators of Essential Services (OES), by Alex Vervaet, Director at FireEye
• 10.20 Keynote : Experiences in Privacy Security guidance of large organisations on GDPR, PSD2 and Open Banking by Nick CALEY, Vice President Privacy & Security at ForgeRock
• 11.00 Coffee Break
• 11.20 Implementation of the “NIS directive” in Belgium, by Valéry VANDER GEETEN, Legal Officer Centre for Cybersecurity Belgium [CCB] & Project Manager for the NIS directive implementation
• 11.50 Interactive Discussion and Q&A: Experiences in regulations in critical infrastructures [article 13 and others] towards the NIS Directive
• 12.30 Lunch Break
• 13.30 NIST based audit for Critical Infrastructure, George Ataya
• 14.10 Rickey Gevers, Security Expert at RedSocks
• 14.50 eIDAS Certificates by QSTP to power PSD2 trust ecosystem, by Kannan Rasappan – Open Banking / PSD2 Architect & Founder of PSD2 Enabler
• 15.30 Coffee Break
• 15.50 Data Protection Impact Assessments in practice, by István Mate Böröcz - researcher at VUB-LSTS and d.pia.lab
• 16.30 CSC Member Story : Controller Processor relation in B2B – Jan Leonard, Data Protection Officer at Orange Belgium
• 17.10 Closing Keynote by Willem Debeuckelaere, President of the Belgian Privacy Commission
• 17.30 Wrap up and Key Learnings of the Day - Closing Reception

Practical Details & Registration

Regulatory Frameworks NIS, PSD2 and GDPR in Practice
VBO- Federation of Enterprises in Belgium
Rue Ravenstein 4
1000 Brussels
Belgium

Participation is restricted to Members from LSEC & the Cyber Security Coalition

Registration is now closed.

Session Materials:

Materials are now available for download. Attending to the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to Payloadz.com and be asked to pay for 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a downloadlink to download the .zip with all materials. 

Addendum: The Impact of the NIS & PSD2 Directives

On Member State governments:
Member States themselves are required to be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority. They must take part in cross border activities and join a cooperation group to ensure cooperation among all the Member States, to support and facilitate strategic cooperation and the exchange of information. They will also need to set a CSIRT Network, in order to promote swift and effective operational cooperation on specific cybersecurity incidents and sharing information about risks. In addition to this, each Member State must identify the businesses in sectors that are vital for our economy and society and moreover rely heavily on ICTs and ensure that they take appropriate security measures and notify serious incidents to the relevant national authority. They are required to set their own national rules on financial penalties and must take the measures necessary to ensure that they are implemented. [It is likely that Member States will implement tough penalties similar to that of the GDPR].

On operators of essential services and digital service providers
The NIS Directive will introduce security measures and incident reporting obligations to these entities including financial penalties if these obligations are not met. They must take appropriate technical and organizational measures to secure their network and information systems; Take into account the latest developments and consider the potential risks facing the systems; Take appropriate measures to prevent and minimize the impact of security incidents to ensure service continuity; and notify the relevant supervisory authority of any security incident having a significant impact on service continuity without undue delay.

Banks face an additional challenge with the revised Payment Services Directive [PSD2]
In addition to this, financial institutes [being one of these operators of essential services] are subjected to the revised Payment Services Directive, effective from 13 January 2018. The PSD2 aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.

Special Thanks to VBO for hosting this Event!