Adapting Cybersecurity Frameworks for NIS2 Compliance

Abstract

This thesis examines the role of cybersecurity maturity evaluation in addressing the current level of cybersecurity and identifying necessary measures to reach compliance with the Network and Information Security Directive 2 (NIS2), which requires entities critical to society to adopt and maintain specific measures to ensure resilience against cyber threats. By analyzing the current cybersecurity landscape, identifying the requirements of the NIS2 Directive, and conducting an assessment using Kybermittari, this thesis highlights the strengths, weaknesses and practical implications of using maturity models for NIS2 compliance, while also demonstrating how cybersecurity models can be used to evaluate and improve information security and compliance. The findings show that assessments are an effective way to evaluate an organization’s cybersecurity capabilities and support the efforts in reaching compliance with the NIS2 Directive. It also emphasizes the significance of in-depth understanding of the organization's operations and commitment of personnel, as well as towards actionable improvement plans to enhance cyber resilience and prepare for the next evaluation.