This is an excerpt from a recent educational article by Rockwell Automation:
NIS2 recommends a risk-based approach, which aligns with best security practices for IT and OT. To understand risk, industrial organizations first need to understand the vulnerabilities in their environment and what those represent in terms of criticality to the organization. This knowledge will surface gaps in defenses, enable prioritization, and help establish what countermeasures are needed to help protect IT and OT environments and improve NIS2 readiness.
Cybersecurity frameworks are a core aspect of any organization’s cybersecurity strategy. Adopting a cybersecurity framework also provides a blueprint for NIS2 compliance, as the NIS2 Directive maps to several established frameworks.