NIS2 Directive Analysis and Preparation for its Implementation ; Análise de diretiva NIS2 e preparação da sua implementação

Dissertação de Mestrado em Segurança Informática apresentada à Faculdade de Ciências e Tecnologia ; The progressive development of new Information Technologies (IT) and the ever-increasing dependency in offering many different types of services through digital platforms, has led to an unprecedent race for the development of solutions in competitive markets. This transformed the digital threat landscape, now also continuously changing and evolving with new threats and vulnerabilities. Cybersecurity has become a major topic for organizations worldwide and to protect markets and societies, governmental entities are developing legislation for a general increase of cyber resilience levels across their borders. It is in this context that this study aims to help the Portuguese organization Altri to prepare for the arrival of a new cybersecurity legislation known as NIS2, published by the European Union and applicable to all its Member States. NIS2 as a directive is a document setting future objective and it is up to Member States to make them reality by transposing the directive’s guidelines into their national laws. With October 2024 as the date limit for the transposition to happen for all Member States, NIS2 brings potential changes to Portugal national laws in terms of cybersecurity requirements which Altri intends to access, not only to develop its cybersecurity framework, but also to remain compliant with the regulations relevant to its operational context. To help Altri prepare NIS2, this study is conducted and divided in two parts. The first part consists in the study of the directive contents, in which level its scope is applicable to the organization and which directive’s measures and considerations are relevant. In the second part, artifacts are developed, based on the identified areas of interest of the first part, to help guide future works and efforts of Altri in the further development of its cybersecurity structure and resilience along the guidelines and obligations covered by the NIS2 directive. ; O ...