Ins and outs of security regulation (N-sight - VIRTUAL MEETING)

Location:virtual meeting



Although the EU Network and Information Security directive (NIS Directive) was transposed into Belgian law and became applicable on 3 May 2019, there is still little awareness about it and its requirements. And it is just one of the many security regulations surrounding organisations. There are plenty more texts relevant to security, including the ENISA guidelines and recommendations, and ISO standards, to name just two.


The challenges these create are many and complex. First, you need to get to grips with all relevant regulations, rules and best practices. But then, how do you implement them in your organisation? How do you compile all the information in a comprehensive and comprehensible policy? And how do you ensure adoption of the policy by your company’s staff?


We’ll take a look at these elements in this online session. We’ll hear from the Centre for Cyber Security Belgium on the NIS notification requirements, then dive into how to develop a security policy with the real-life case of the FISP. Then, Beltug will share the new ‘NIS Questionnaire’, which you can use when discussing compliance with your ICT suppliers.




This event will be held as a virtual meeting. The link will be provided in the Confirmation email.





13:30 Introduction


Christophe Geuens, Business Manager, Beltug (English)


13:40 The role of the National CSIRT (CCB) in incident notification and security measures


In this presentation, you'll gain insights on the NIS through the notification requirements. ‘Operators of essential services’, as defined in the NIS, are required to report, without delay, all incidents that significantly impact the availability, confidentiality, integrity or authenticity of networks and information systems that are crucial to providing those essential services.


However, any organisation may voluntarily report incidents that significantly impact the continuity of their services. Furthermore, doing so will not result in additional obligations beyond those already applicable. Keep in mind, though, that the CCB may prioritise the processing of the mandatory notifications imposed by the NIS Act over voluntary notifications.


Valéry Vander Geeten, Legal Officer, DPO and Project Manager NIS, Centre for Cyber Security Belgium (English)


14:10 Case: FISP - Federal Information Security Policies: Approach, constraints and lessons learned

In this session, you'll learn how to get started with your information security policy, illustrated by the process used by the Federal Information Security Policies (FISP). More and more, public administrations exchange data and collaborate 'electronically'.  They also increasingly share infrastructure to carry out different missions.

FPS BOSA contributed in the past to some of the guidelines published by the CCB and the Cyber Security Coalition.  Working together, they highlighted the need to streamline and standardise the approach used throughout the various Federal Public Services.  A work group was initiated, to publish guidelines (mostly based on ISO27xXX) and best practices, and to propose them freely to all FPS and anyone interested.


Daniel Letecheur, CISO - DPO, Federal Public Service Strategy and Support (FPS BOSA) (English)


14:40 Beltug NIS Questionnaire

How do you discuss NIS requirements with your ICT providers? To support our members, Beltug will make available a questionnaire with key questions to ask. In this presentation, we will explain the idea and purpose of the document, and how to use it in your discussions with providers about NIS compliance.


Jean-Pierre Bernaerts (editor of the questionnaire), External DPO & Data Protection Advisor, DPOffice


15:00 Q&A: Your questions, your experience


15:20 Wrap up & End