7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

3.6 Post-incident reviews

3.6.1. The relevant entities shall carry out post-incident reviews that shall identify the root cause of the incident and result in lessons learned to reduce the occurrence and consequences of future incidents.

3.6.2. The relevant entities shall ensure that post-incident reviews contribute to improving their approach to network and information security, to risk treatment measures, and to incident handling, detection and response procedures.

3.6.3. The relevant entities shall review at planned intervals if significant incidents led to post-incident reviews.

Stand: 27.06.2024

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!