The National Cyber Security Center (NCSC) and the Digital Trust Center (DTC) are introducing a renewed, joint set of basic principles to strengthen the digital resilience of Dutch companies and organizations. With the arrival of this uniform and broadly aligned set of basic principles, there is now a single guideline applicable to all companies and organizations in the Netherlands.
For Dutch companies and organizations, digital security is a prerequisite for seizing the opportunities of the digital economy. The reality is that they face cyber threats on a daily basis. Companies and organizations must guard against these threats and invest sufficiently in security. The new set of 5 basic principles helps to put the basics in order to increase digital resilience. These basic principles are as follows.
Basic principle 1: Map your risks
By identifying your dependencies and interests, you will know which threats are relevant, which interests you need to protect, what risks arise and how to address them.
Basic principle 2: Promote safe behavior
Employees can unintentionally or intentionally cause great harm to an organization. Promote safe behavior by focusing on a safe culture, learning from mistakes, sound processes and awareness.
Basic principle 3: Protect systems, applications and devices
Systems, applications and devices keep your organization running, but vulnerabilities can cause major disruptions. Protect them by choosing secure settings and detecting threats early.
Basic principle 4: Manage access to data and services
Determine what systems and data each employee needs access to in order to work. Ensure that access rights are updated when someone moves to a new position or leaves the organization.
Basic principle 5: Prepare for incidents
Incidents are inevitable, so prepare. To be resilient to digital incidents, it is important to know how to respond to incidents and how to repair the damage if things do go wrong.
The updated basic principles were developed by the DTC and the NCSC in response to the Dutch Cybersecurity Strategy (NLCS); as of January 1 the two will continue as one organization. The starting point was not only their own existing guidelines but also those of other organizations, such as the AIVD, CIO Rijk, Cyberveilig Nederland and RDI. In terms of content, the updated set is based on existing guidelines such as NIST CSF and NIS2. "We put the different guidelines and principles side by side and analyzed them. Based on similarities and differences, we selected the most relevant elements and brought them together into a common, widely supported set," said Anthonie Drenth, cybersecurity advisor at the NCSC.
Basic principles widely applicable
Before the joint basic principles, the DTC and the NCSC each had their own separate guidelines for their own target audiences. The DTC focused on non-vital businesses and organizations and the NCSC focused on central government and organizations in vital sectors. "A small business owner often has different resources and risks than a vital organization, but with these basic principles every organization gets an unambiguous and uniform grip from the government," said Matthijs van Amelsfort, director of the NCSC. "The basic principles are designed to be both practical and widely applicable. They offer concrete tools with which both small and large, vital and non-vital companies and organizations can improve their digital security."