ITRiskCarriere
itriskcarriere.nl
Home Vacatures Artikelen Organisaties
Over ons
Vakgebieden & Specialisaties Nieuwsbrieven Job Alerts Onze pakketten Contact Careerguide Hubs

Hubs per Sector

Finance
Actuaris Accountant Auditor
Business
Bank Hypotheken Investment
Business Support
Consultancy ESG HRM
Technology
Cyber Cloud AI
Alle hubs bekijken →
Hoofdwebsite
Bezoek →

How companies can deal with the increase of EU Tech regulations

Nieuws
24-09-2024
Yuri Bobbert
Stijgende regelgeving zoals GDPR, NIS en DORA belast bedrijven steeds sterker. Cyberrisico's en de regelgeving daarom heen versterken dit. Zogenaamde in-controlverklaringen kunnen de druk op zowel bedrijven als toezichthouders verlichten.

By Yuri Bobbert

The number of enterprises subject to regulatory requirements has increased significantly under existing and new legislation such as the EU General Data Protection Regulation (GDPR), the Security of Network and Information Systems (NIS) regulations NIS1 and NIS2,[1] and the EU Digital Operational Resilience Act (DORA).[2] Last week Mario Draghi warned these EU legislations are “killing our companies”.[3] Likewise, cyberrisks adds complexity for business owners, investors, financiers, necessitating more thorough due diligence regarding an enterprise’s technology stack. Supervisory bodies will face significant challenges due to talent- and knowledge scarcity and an old-fashioned way of working. Proactive in-control statements put the burden of digital-assurance proof on the company rather than the supervising bodies. I expect this will significantly relieve both entrepreneurs and supervisory bodies.

What Is the Problem, and Who Is Affected?

Regulatory and industry requirements related to cybersecurity are skyrocketing. They include standards imposed by De Nederlandsche Bank (DNB), DORA, the European Union (EU) Cyber Resilience Act,[4] NIS2[5], the SWIFT Customer Security Programme (CSP),[6] US Federal Risk and Authorization Management Program (FedRAMP)[7], International Organization for Standardization (ISO) standard ISO 27001, the Center for Internet Security (CIS) Critical Security Controls[8], the US Federal Information Security Management Act (FISMA),[9] the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53[10], Cloud Security Alliance Capability Assessment Model (CSA CMM)[11], American Institute of Certified Public Accountants (AICPA) Trust Service Criteria (TSC)[12] and the Payment Card Industry Data Security Standards (PCI DSS)[13] etcetera. Managing all these regulations is a complex process for enterprises and regulators who need to supervise their correct implementation. The number of enterprises affected in the European Union alone runs into the millions (Figure 1).[14]

[....]

Lees verder op: isaca.nl

Gerelateerde vacatures

Geïnteresseerd in een carrière bij organisaties in ditzelfde vakgebied? Bekijk hieronder de gerelateerde vacatures en vind de perfecte match voor jou!
IT Risk & Compliance Manager
ANWB
4.105 - 6.618
Medior
Den Haag
Als IT Risk & Compliance Manager bij ANWB bescherm je ICT-systemen tegen cyberrisico’s: je onderhoudt en verbetert het IT-control framework, voert risicoassessments uit, faciliteert workshops, adviseert teams en rapporteert over...
Meer lezen Direct solliciteren
Information Protection Analyst
ABN AMRO
4.466 - 6.380
Medior
Amstelveen
As a Information Protection Analyst at ABN AMRO you protect sensitive data by analysing Microsoft Purview alerts, responding to data loss/misuse incidents, and improving information protection policies.
Meer lezen Direct solliciteren
Information Security Consultant
Top vacature
Blue Sky Group
4.500 - 6.500
Senior
Amstelveen
Als Information Security Consultant bij ons, ontwikkel, implementeer en bewaak je het informatiebeveiligingsbeleid. Samen met je team bescherm je systemen tegen cyberdreigingen, adviseer je over securityvraagstukken en verbeter je beveiligingsmaatregelen...
Meer lezen Direct solliciteren
Senior IT Internal Auditor
Top vacature
Brand New Day
6.000 - 7.500
Senior
Amsterdam
Als Senior IT Internal Auditor bij Brand New Day voer je end-to-end IT-audits uit, van risicoanalyse en scope tot rapportage en opvolging. Je versterkt de auditfunctie, adviseert over IT-governance, security,...
Meer lezen Direct solliciteren
Alle vacatures