Exam Project
Look at the description and the questions; if there are other questions that you find relevant, please include them.
You have to hand in a 4-page “report” based on this and make a 20-minute presentation for the exam. The presentations are very important, and you can include extra actions and answers for the company.
The project is inspired by a real project.
Extra material
We have some extra material that you can have a look at:
- EU - The NIS2 Directive
- PWC - Cybercrime Survey 2023
- PWC - Getting Ready for the NIS2 Directive
- KPMG - Network & Information Security Directive (NIS2)
- Unlocking cybersecurity - Everything you need to know about the NIS2 directive
- Industriens fond - Hovedkonklusioner fra første fase af NIS2-kortlægningen
CyberSecure Inc.
CyberSecure Inc. is a leading European company specializing in cybersecurity solutions.
The company is currently undergoing a compliance process to align with the new NIS2 directive. As part of this process, CyberSecure Inc. is reviewing its cybersecurity policies, identity security measures, and overall preparedness for compliance with NIS2.
You are part of CyberSecure Inc.’s cybersecurity team. The team’s task is to assess the company’s current cybersecurity posture and suggest improvements to ensure compliance with the NIS2 directive.
You must identify potential cybersecurity risks, propose mitigation strategies, and understand the implications of the NIS2 directive on the company’s operations.
Questions
You are not limited to these questions, but they are a good starting point.
NIS2 Directive Overview
Describe the key objectives and requirements of the NIS2 directive, particularly focusing on the expanded scope and stricter oversight compared to its predecessor NIS1.
Risk Assessment
Identify three potential cybersecurity risks that CyberSecure Inc. might face under the new directive. Explain how these risks could impact the company’s compliance with NIS2, considering the directive’s emphasis on risk analysis and information system security policies.
Mitigation Strategies
Propose a mitigation strategy for each identified risk. Include considerations for identity security, data protection, and the specific requirements for critical entities as highlighted in the NIS2 directive.
Compliance Challenges
Discuss the challenges that CyberSecure Inc. might encounter while trying to comply with the NIS2 directive. How can these challenges be addressed, given the directive’s less voluntary nature and potential financial penalties for non-compliance?
Incident Response Plan
Outline a basic incident response plan for CyberSecure Inc. that aligns with the NIS2 directive’s requirements, focusing on incident handling, business continuity, and the role of C-level executives.
Future Preparedness
Suggest two long-term strategies that CyberSecure Inc. should adopt to stay compliant with evolving cybersecurity regulations, leveraging internationally recognized frameworks like IEC 62443 and ISO 27001/27002.
Guidance
Guidance is mostly given via Teams.
Dates for guidance:
- 01-12-2023
- 06-12-2023
- 15-12-2023
- 20-12-2023
Groups
You have to be in a group for the hand-in and the exam.
Link to Excel file with the groups:
Exam dates
The exam is in groups, based on a written group report, max 4 pages:
- 20 min presentation per group
- 10 minutes per student
Hand-in: 22-12-2023 at 12:00 in WiseFlow
Dates | |
---|---|
03-01-2024 | Wednesday |
04-01-2024 | Thursday |
Re-Exam | |
---|---|
22-01-2024 | Monday |
05-02-2024 | Monday |