NCSC issues cybersecurity governance guidance under NIS2
Jim O’Callaghan
The National Cyber Security Centre (NCSC) has published Guidance on Cyber Governance for Management Board Members in NIS2 Entities.
The guidance is designed to help accounting officers and management board members, including CEOs, managing directors, CIOs and CISOs, understand and meet their cybersecurity responsibilities under the NIS2 Directive.
At the centre of the guidance is the Cyber Fundamentals Framework (CyFun), the NCSC’s preferred risk-based framework for helping organisations put their legal obligations into practice.
The introduction of the NIS2 Directive represents a landmark shift in the legislative landscape, assigning accountability for cybersecurity risk management to the highest level of executive management.
To support organisations, the NCSC recommends the CyFun framework as the preferred national approach to meeting these requirements. CyFun provides a “practical, structured way” for organisations to strengthen their cybersecurity and demonstrate compliance with NIS2. It encourages organisations to “move beyond simply meeting regulatory requirements and towards managing cyber risk as part of good governance”.
Justice minister Jim O’Callaghan said: “Cybersecurity has evolved far beyond a technical challenge handled in server rooms; it is now a fundamental boardroom priority. Ireland’s economic prosperity and social wellbeing are inextricably linked to the strength of our digital infrastructure. Recognising this, NIS2 requires accountability at the highest level of executive management for ensuring the smooth running of essential economic and societal services.
“By strengthening your organisation’s defences through this guidance and the CyFun framework, you are doing more than meeting regulatory obligations, you are protecting your business/public service and reinforcing public trust in our digital infrastructure. Your leadership at the board level is the foundation upon which we will build a safe, resilient, and trusted digital Ireland.”

