
Reference Projects

NIS2 compliance - security gap analysis

for Barcika Holding

Barcika Centrum Kft., along with its affiliated entities Barcika Príma Kft. and Barcika Szolg Kft., faced the challenge of achieving compliance with the NIS2 Directive. As service providers in critical infrastructure sectors, they required a thorough assessment of their current IT environment to identify and address gaps between the existing operations and the security requirements mandated by NIS2.

Assess the organization's IT systems to evaluate their current security posture, identify gaps in compliance with NIS2 security classifications, and provide a prioritized action plan for mitigation.

KEY STEPS UNDERTAKEN

1. Review of Security Classification

Utilizing the previously established security classifications, we mapped IT systems into categories of basic, enhanced, and critical security requirements. This provided a baseline for gap assessment.

2. System Risk Assessment

We conducted detailed risk analyses for key systems, including:

  • Kulcs-Soft ERP modules for finance, payroll, and asset management.
  • District heating monitoring and billing systems.
  • Document Management System (DMS One) and customer service application.

3. Gap Identification Across Key Security Domains

The following critical areas were evaluated:

  • Physical Security: Server room access control was found to lack electronic monitoring.
  • Access Control and Authentication: Lack of enforced regular password changes and missing multi-factor authentication for administrative users.
  • Backup and Recovery: Backup restoration tests were not conducted regularly, compromising data recovery reliability.
  • Monitoring and Incident Response: Absence of automated security monitoring tools and well-defined SLAs for IT support.

4. Prioritised Risk Mitigation Recommendations

  • Implement proximity-based access control with logging for server room access.
  • Enforce multi-factor authentication for critical systems.
  • Conduct regular backup restoration tests and document the disaster recovery plan.
  • Establish real-time monitoring solutions and incident response protocols.

Deliverables 

Outcome

By addressing the identified security gaps, Barcika Centrum Kft. achieved:

Lessons and Expertise demonstrated

This project illustrates Kosa Consult’s capabilities in:

  • Tailoring gap analyses to sector-specific regulations.
  • Providing actionable, risk-prioritized recommendations.
  • Designing pragmatic implementation roadmaps for compliance.

Our systematic approach ensures that businesses not only meet regulatory standards but also build long-term resilience against cybersecurity threats.