
Navigating Regulatory Challenges: Understanding NIS2, DORA and CRA.pdf

Uploaded by: 可*** ID: 991861 2025-12-07 25 pages 1.20MB

Classification: Internal

Navigating the EU Regulatory Landscape
April 2025
www.nviso.eu
Maxim Deweerdt, Principal SANS Instructor and NVISO Senior Manager
Pieter Batsleer, NVISO Senior Manager

Objectives
1. Review some of the most prevalent cyber threats aimed at Industrial and R&D players and typical measures implemented in response.
2. Provide a short overview of cyber security regulation and implementation challenges, which drive the cyber security plans.
3. Highlight some of the key challenges cyber security teams are facing while achieving compliance, and how these can be overcome.

Threats Drive Regulatory Evolutions
Part 1: High Level Threat Landscape

Evolving threat landscape: Threats
Breach trends are driven by two conflicting factors:
- Detection capabilities (technology, people & processes) have massively improved.
- Ransomware & other extortion attacks are completed in 5 days on average; they represent 1/3rd of all attacks.
54% of breaches are discovered by externals.

Median dwell time (Source: Mandiant M-Trends 2024)
          2016    2021    2023
Global    99 days 21 days 10 days
EMEA      106 days 48 days 22 days

Sources: Verizon DBIR 2024; Mandiant M-Trends 2024
We are getting better at detecting breaches; however, the speed at which a breach is carried out increases as well. Breaches are detected more quickly.

Evolving threat landscape: Threats
Most common attack patterns
Source: 2024 Data Breach Investigations Report, Verizon, Figure 6

Ransomware is the top attack vector for this sector, entering primarily through system intrusion or social engineering. Social engineering, such as phishing, deceptive calls, and in-person interactions, is also crucial in fraud cases, with Business Email Compromise (BEC) leading to data theft. User and

Based on the report's content, the main points of the full document are summarised as follows: 1. **Threat evolution**: cyber attacks are getting faster, with the average time to complete an attack down to 5 days; ransomware and other extortion attacks account for 1/3 of all attacks. 2. **Regulatory response**: the EU has issued several cyber security regulations, such as NIS2, DORA and CRA, aimed at strengthening the cyber security of critical infrastructure and the financial sector. 3. **NIS2 overview**: NIS2 broadens the scope of application to roughly 300,000 companies and requires minimum security measures and incident reporting. 4. **DORA overview**: DORA aims to strengthen the IT security of financial entities, requiring mature risk management processes and third-party risk management. 5. **CRA overview**: the CRA requires manufacturers and distributors to ensure that digital products have an appropriate level of security, and imposes strict vulnerability and incident reporting timelines. 6. **Challenges and opportunities**: implementing these regulations brings challenges, but also gives organisations the opportunity to improve their security measures and expand their security capabilities.