A conference talk transcript explaining the EU NIS2 directive (Network and Information Systems Directive 2) from a developer's perspective. NIS2 applies to essential and important entities in critical sectors, requiring auditable security controls. The speaker distills 161 controls from ENISA's implementation guidelines into five developer-relevant domains: incident handling (smart logging, early detection, evidence protection), supply chain security (dependency mapping, SBOMs, proactive patching), secure development lifecycle (secure by design, hardening, testing), cryptography (strong standards, key management, encryption of critical data), and access control (least privilege, MFA, privileged account protection). The core message is that NIS2 formalizes security practices developers should already follow, but now requires documented, auditable evidence.