
Reference Projects

NIS2 Compliance - Security Gap Remediation for Berény-Kenyér Kft.

Following a comprehensive security gap analysis, Berény-Kenyér Kft. engaged Kosa Consult to implement the necessary technical, procedural, and documentation-based changes to achieve full compliance with the NIS2 Directive. This project addressed high-priority vulnerabilities identified during the assessment, ensuring the secure operation of critical infrastructure services.

Close identified security gaps by deploying technological upgrades, defining security processes, and developing comprehensive documentation to align with NIS2 requirements.

KEY STEPS UNDERTAKEN

1. Enhancement of Physical Security Controls

  • Implementation of Proximity-Based Access Control: Replaced manual key access with an electronic access control system using RFID proximity cards.
  • Access Logging and Monitoring: Integrated logging mechanisms to track server room entry events.
  • Policy Update: Established a physical security policy outlining roles, access levels, and incident reporting procedures.

2. Strengthening Access Control and Authentication

We conducted detailed risk analyses for key systems and implemented the following controls:

  • Multi-Factor Authentication (MFA): Rolled out MFA for all administrative users across critical systems.
  • Password Management Policy: Enforced regular password changes and complex password requirements.
  • Centralized Authentication System: Consolidated user authentication to reduce redundant entry points.

3. Backup and Disaster Recovery Enhancements

  • Regular Backup Restoration Tests: Instituted quarterly recovery tests to ensure data recovery reliability.
  • Documentation of Disaster Recovery Plan (DRP): Created a DRP with defined roles, recovery time objectives (RTO), and recovery point objectives (RPO).
  • Backup Automation and Monitoring: Implemented automated backup status alerts to detect failures in real-time.

4. Deployment of Security Monitoring and Incident Response Tools

  • Real-Time Security Monitoring: Installed a centralized monitoring solution with automated alerts for critical events.
  • Incident Response Plan (IRP): Developed an IRP detailing response procedures, escalation paths, and post-incident review protocols.
  • Service Level Agreements (SLAs): Defined and documented SLAs for IT support, specifying response times and service expectations.

5. Comprehensive Documentation and Training

  • Policy and Process Documentation: Developed user-friendly guides and procedural documentation covering access management, data protection, and system recovery.
  • Staff Training Sessions: Delivered security awareness training focused on recognizing phishing threats, handling sensitive data, and following incident reporting protocols.

Deliverables

Outcome

The successful remediation project resulted in:

Lessons and Expertise Demonstrated

This project demonstrates Kosa Consult’s capabilities in:

  • Executing end-to-end security enhancement projects.
  • Integrating regulatory compliance requirements into practical solutions.
  • Ensuring long-term operational resilience through tailored training and robust documentation.

Our hands-on approach ensures sustainable security improvements that align with both regulatory demands and business objectives.