NIS2 Assessment for your cyber resilience
Understand whether your organisation falls under NIS2 obligations and discover which cybersecurity measures you must take to comply — and prevent cyber attacks.
Gain clarity on your NIS2 obligations, your current cybersecurity maturity level, and receive a practical, executive-ready roadmap toward compliance and resilience.
Define Attack Surface
During this assessment we will define which devices are connected to your network and which one are open for attacks.
Eliminate common risks
We will help to define the cyber risks in your network, like end-of-life devices, expired device encryption certificates, device vulnerabilities, and devices that are open to the Internet.
Network & Data access
We check how your users are accessing your applications, strength of passwords, presence of shadow applications and the use of Multi-Factor Authentication.
Why Do You Need a NIS2 Assessment?
The new NIS2 Directive introduces stronger cybersecurity requirements for small and medium organisations. Yet many companies are still unclear about:
whether they fall under NIS2
which measures are legally required
how mature their cybersecurity operations are
the risks and hidden vulnerabilities in their IT environment
how to avoid fines, audits and downtime
A NIS2 Assessment provides clarity and helps you strengthen your security posture before attackers strike.
Step 1 : NIS2 Applicability Check
We analyse whether your organisation is legally required to comply with NIS2 by assessing:
sector classification and business activities
number of employees and annual revenue
digital dependencies and critical processes
the impact of disruptions on customers, society, economy
potential classification as “important” or “essential entity”
Deliverable
You receive a clear, easy-to-understand NIS2 Applicability Report.
Step 2: Cybersecurity Maturity Scan
We evaluate your current cybersecurity maturity across four core NIS2 & CyFun domains:
Asset Discovery & Vulnerability Management
Most organisations don’t have a full overview of their IT assets — which leads to blind spots.
We assess:
hardware, software, cloud & data inventory
shadow IT and externally exposed assets
vulnerabilities, outdated software & misconfigurations
patching & update processes
Result: a complete overview of your attack surface.
Identity & Access Management (IAM)
Identity-based attacks are the #1 cause of breaches.
We review:
MFA implementation
user & admin account lifecycle
privilege management
password & authentication policies
device identity & endpoint posture
This domain is fundamental in both NIS2 and CyFun’s Protect function.
Network Authentication & Zero Trust Access
We analyse how your network authenticates and authorises users and devices:
802.1X or certificate-based network authentication
network segmentation & micro-segmentation
BYOD and contractor access
remote & hybrid access controls
Network Access Control (NAC) & Monitoring
Visibility is essential — you cannot secure what you don’t know.
We evaluate:
detection of unknown or rogue devices
isolation/quarantine capabilities
continuous logging & monitoring
SIEM / SOC integration possibilities for 24/7 detection and response to cyber incidents.
Risk Analysis and roadmap to NIS2 compliancy
We translate our findings into an actionable risk report:
Business impact per risk area
- Gap mapping against NIS2 articles
Quick wins + long-term improvements
Based on your gaps and risks, we deliver a practical roadmap:
Technical security recommendations
Organisational measures (policies & procedures)
Governance improvements
Recommended security tools and solutions
Implementation timeline (3, 6, 12 months)