{"id":1761,"date":"2026-03-05T11:43:18","date_gmt":"2026-03-05T11:43:18","guid":{"rendered":"https:\/\/www.guardexy.eu\/innovation-in-cybersecurity-easily-report-exactly-according-to-nis2-requirements\/"},"modified":"2026-03-13T19:32:06","modified_gmt":"2026-03-13T19:32:06","slug":"innovation-in-cybersecurity-easily-report-exactly-according-to-nis2-requirements","status":"publish","type":"post","link":"https:\/\/www.guardexy.eu\/en\/innovation-in-cybersecurity-easily-report-exactly-according-to-nis2-requirements\/","title":{"rendered":"Innovation in cybersecurity: easily report exactly according to NIS2 requirements"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

With the arrival of new legislation in the field of cybersecurity, the obligations of municipalities, cities, energy companies, and industrial enterprises have fundamentally changed. The NIS2 Directive and the subsequent Czech Cybersecurity Act impose on selected organizations not only the obligation to actively protect their systems but also to systematically record incidents and, in defined cases, report them to the National Cyber and Information Security Agency (N\u00daKIB). <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Therefore, starting in March, Guardexy is expanding the functionality of its solution. Alongside continuous monitoring of data flows, we are newly launching a monthly history of captured security events and incidents in the form of a structured report, which is prepared for internal audits as well as for official reporting needs. <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Why incident logging is essential<\/h5>\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

NIS2 emphasizes not only prevention but also the organization’s ability to demonstrably:<\/span><\/p>

  • detect security events,<\/span><\/li>
  • evaluate their severity,<\/span><\/li>
  • take corrective measures,<\/span><\/li>
  • report significant incidents in a timely manner.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    In practice, this means that mere “traffic logging” is no longer sufficient. A municipality or company must be able to document what happened, when, with what impact, and how the situation was resolved. <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Guardexy: from monitoring to auditable reporting<\/h4>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Our solution has long monitored the communication of photovoltaic power plants. Now, however, we not only analyze data in real-time but also systematically archive and classify it. <\/span><\/p>

    The monthly report contains a history of captured events divided by severity, including information needed for internal security management and regulatory obligations.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Four levels of security events according to Guardexy\n<\/h4>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    To correctly interpret and prioritize incidents, we are introducing a uniform classification of data packets and operations into four levels.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t
    \n\t\t\t\n\t\t\t\t
    Protection Level<\/div><\/div><\/div><\/th>
    Description<\/div><\/div><\/div><\/th><\/tr><\/thead>\n\t\t\t\t\t\t\t\t
    Level 0 – Allowed Event<\/div><\/div><\/div><\/td>
    Normal, expected, and legitimate traffic. Typically, this involves standard technology communication, for example:\n\u00b7 automated processes,\n\u00b7 scheduled operations,\n\u00b7 interventions by an authorized user or service,\n\u00b7 data reading (Read) or pre-approved changes (Write).\nThe event has no or negligible impact on operations. It is allowed and recorded only in aggregate for statistical purposes. <\/div><\/div><\/div><\/td><\/tr>
    Level 1 – Security Event\n<\/div><\/div><\/div><\/td>
    A situation that deviates from standard behavior but does not represent a direct disruption of operations, typically:\n\u00b7 unclear or missing communication context,\n\u00b7 non-standard communication patterns,\n\u00b7 operations with limited impact,\n\u00b7 suspicious but harmless behavior.\nThe event is recorded in detail and displayed in the console as a security finding. It primarily serves for the early detection of potential risks. <\/div><\/div><\/div><\/td><\/tr>
    Level 2 – Mitigated Security Incident<\/div><\/div><\/div><\/td>
    At this level, an unauthorized intervention attempt occurs. Typical manifestations include:\n\u00b7 unauthorized configuration changes,\n\u00b7 attempts to control the device without authorization,\n\u00b7 Write or Control operations with significant impact.\nGuardexy technically stops the incident (for example, by blocking communication or restricting access), and no actual disruption of operations occurs. The incident is recorded in the incident log and presented as a mitigated security incident. <\/div><\/div><\/div><\/td><\/tr><\/tbody>\n\t\t\t<\/table>\n\t\t<\/div>\n\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Ready for municipalities, cities, and enterprises<\/h4>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    For the leadership of municipalities and companies, it is crucial that this categorization translates cybersecurity from a purely technical level into a clear managerial view of risks. The report clearly shows what is actually happening in the infrastructure, how severe the situations were, and which of them may have a regulatory impact. The organization thus gains not only protection but also conclusive documentation for audits, inspections, or crisis management. <\/span><\/p>

    For municipalities and cities, this is often the first tool that allows them to fulfill new obligations without the need to build their own security operations center.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    NIS2 is not just about protection, but about accountability<\/h4>\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Modern cybersecurity is no longer just a technical discipline. Equally important is the ability to demonstrate that the organization is proceeding systematically and responsibly. <\/span><\/p>

    Guardexy therefore elevates monitoring to the level of full-fledged security oversight with an audit trail, which helps protect not only the technology but also the organization’s leadership from regulatory risks from N\u00daKIB.<\/span><\/p>

    If you are unsure whether you fall under the mandatory entities, or if you want to be certain that your infrastructure meets the new requirements, please contact us.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    With the arrival of new legislation in the field of cybersecurity, the obligations of municipalities, cities, energy companies, and industrial enterprises have fundamentally changed. The NIS2 Directive and the subsequent Czech Cybersecurity Act impose on selected organizations not only the obligation to actively protect their systems but also to systematically record incidents and, in defined […]<\/p>\n","protected":false},"author":2,"featured_media":1765,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-1761","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news"],"_links":{"self":[{"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/posts\/1761","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/comments?post=1761"}],"version-history":[{"count":1,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/posts\/1761\/revisions"}],"predecessor-version":[{"id":1767,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/posts\/1761\/revisions\/1767"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/media\/1765"}],"wp:attachment":[{"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/media?parent=1761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/categories?post=1761"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.guardexy.eu\/en\/wp-json\/wp\/v2\/tags?post=1761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}