Toreon Office | Grotehondstraat 44 1/1 - 2018 Antwerpen | +32 3 369 33 96
September 2023 Edition
Dear subscribers,
In the ever-changing landscape of cybersecurity, the Cybersecurity Regulatory Act (CRA) stands as a pivotal development. This edition is dedicated to unraveling the CRA’s impact, providing expert insights, and guiding you towards compliance and security excellence. As your trusted source, we are here to equip you for success in this new era of cyber legislation.
Stay Secure, Siebe De Roovere Editor-in-Chief, CISO Insider Newsletter
Dear subscribers,
In the ever-changing landscape of cybersecurity, the Cybersecurity Regulatory Act (CRA) stands as a pivotal development. This edition is dedicated to unraveling the CRA’s impact, providing expert insights, and guiding you towards compliance and security excellence. As your trusted source, we are here to equip you for success in this new era of cyber legislation.
Stay Secure, Siebe De Roovere Editor-in-Chief, CISO Insider Newsletter
Guest article
The latest developments of the CRA – What a CISO needs to know, written by Roeland Lembrechts, Attorney-partner @ Sirius Legal Business Law Firm
Curated content
Personal liability is a big concern for most CISO’s, especially those working with sensitive data. Read more on which safeguards you should expect from your employer. Written by Phil Muncaster
Curated content
Gain detailed insights on which type of assets are the most susceptible to attacks, and have the highest rate of vulnerability. Written by Michael Hill
Toreon insights
“The NIS2 Directive and Cyber Resilience Act (CRA), how will it impact your organization?”, by Toreonites Maxim Baele & Leander Karuranga
Career watch
We are currently looking for a Junior Information Security Officer as well as a Business Development Manager. Sounds like you? Let’s talk!
Europe has not been idle in recent years in terms of legislative initiatives regarding cybersecurity. Both existing and future legislation should make the European market safer in all areas. As a result, in the future, every organization will be increasingly obliged to juggle instruments such as the GDPR, NIS(2), Data Act, Data Governance Act, AI Act, Cyber Security Act, Product Liability Directive, … and last but not least the Cyber Resilience Act (CRA).
A Proposal for this Regulation (CRA) was already published on September 15, 2022, and aims basically that:
This Proposal of the CRA is currently in full swing. The last version was published with changes on August 31, 2023. We list in a nutshell some latest additions that are relevant for every CISO:
We just discussed some new topics, but clearly, this legislation will raise a lot of new questions in practice. For any company wishing to commercialize a product with digital elements on the European market, the CRA will be a challenge to implement this set of new legal security obligations in a timely manner. This requires an organization to deploy quite a lot of resources within a limited time. Each organization only has a period of 24 months from the time the CRA becomes final.
In addition, the CRA is only one part of a full legislative framework with an overlap of different legislative instruments (see, for example, the references at the top of this article) that make all security obligations a complex legal tangle.
So be sure to get the assistance of a cybersecurity lawyer and start preparing early so that costs can be spread over a longer period of time. You can convince your organization’s board in advance because every cybersecurity law provides for liabilities that can also affect each board member personally.
Explore the profound impact of the NIS2 Directive and Cyber Resilience Act (CRA) on organizations, as Toreonites Maxim Baele and Leander Karuranga dissect the future of cyber resilience and governance. Read more to stay ahead in safeguarding your organization’s digital landscape.
Amidst the evolving digital landscape, CISOs are facing a mounting fear: personal liability for data breaches. Explore this issue in Phil Muncaster’s article, which also delves into the question of insurance coverage for CISOs by their employers. Read more to grasp the implications for these cybersecurity leaders.
In an ever-intensifying cybersecurity battleground, Michael Hill’s latest research unveils a stark reality: identifying the most-targeted and most-exposed assets in today’s digital realm. Delve into the findings that shed light on the critical vulnerabilities organizations face and gain insights into the strategies needed to fortify your defenses. Read more to stay ahead in safeguarding your digital assets.
Explore the profound impact of the NIS2 Directive and Cyber Resilience Act (CRA) on organizations, as Toreonites Maxim Baele and Leander Karuranga dissect the future of cyber resilience and governance. Read more to stay ahead in safeguarding your organization’s digital landscape.
Amidst the evolving digital landscape, CISOs are facing a mounting fear: personal liability for data breaches. Explore this issue in Phil Muncaster’s article, which also delves into the question of insurance coverage for CISOs by their employers. Read more to grasp the implications for these cybersecurity leaders.
In an ever-intensifying cybersecurity battleground, Michael Hill’s latest research unveils a stark reality: identifying the most-targeted and most-exposed assets in today’s digital realm. Delve into the findings that shed light on the critical vulnerabilities organizations face and gain insights into the strategies needed to fortify your defenses. Read more to stay ahead in safeguarding your digital assets.
Join our dedicated GRC and privacy team of 15 Toreonites, and work with us to raise and maintain an organization’s security maturity to a higher level.
Join a dynamic OT security team of 5 dedicated Toreonites, tackling exhilarating security projects in utilities and industries.
Be a part of our sales team and proactively explore new markets and customers to drive our growth at Toreon.
Join Toreon, the cybersecurity company that’s all about empowering individuals and organizations in the field of cybersecurity. Our team of over 50 security domain experts is driven by knowledge and impact, partnering with companies to define and implement strategic security roadmaps.
Join our dedicated GRC and privacy team of 15 Toreonites, and work with us to raise and maintain an organization’s security maturity to a higher level.
Join a dynamic OT security team of 5 dedicated Toreonites, tackling exhilarating security projects in utilities and industries.
Be a part of our sales team and proactively explore new markets and customers to drive our growth at Toreon.
All in-person events, hosted by the Data Protection Institute
CISO M3 – Secure System Acquisition and Development
Next training dates:
21-22 November 2023
CISO M1 – Security Governance and Compliance
Next training date:
20-21 September 2023
CISO M4 – Security Operations
Next training date:
26-27 September 2023
CISO M3 – Secure System Acquisition and Development
Next training dates:
21-22 November 2023
CISO M2 – Security Architecture
Next training date:
17-18 October 2023
CISO M5 – Threat & Vulnerability Management
Next training date:
24-25 October 2023
CISO M6 – Leadership
Next training date:
29-30 November 2023
