Help center

Authorities and regulators — Belgium

CCB: Centre for Cybersecurity Belgium. The competent Belgian authority for NIS2 — significant cyber incidents are notified here (24h / 72h / 1 month).
DPA: Data Protection Authority. The Belgian regulator for GDPR (in French: APD; in Dutch: GBA). Personal data breaches are notified within 72h. Don't confuse with Data Processing Agreement (also DPA).
CERT.be: Belgian Computer Emergency Response Team. CCB service that helps organisations hit by a cyber incident.

Authorities and regulators — France

ANSSI: Agence Nationale de la Sécurité des Systèmes d'Information. The competent French authority for NIS2. French transposition is in progress (Résilience bill), driven via the MonEspaceNIS2 portal. Receives notifications of significant incidents (24h / 72h / 1 month).
CNIL: Commission Nationale de l'Informatique et des Libertés. The French GDPR regulator. Personal data breaches are notified within 72h.
CERT-FR: French Computer Emergency Response Team, operated by ANSSI. Issues alerts and assists incident victims.
cybermalveillance.gouv.fr: Victim assistance platform (SMEs, individuals, local governments) — guidance and connection to vetted service providers.

Authorities and regulators — Luxembourg

HCPN: Haut-Commissariat à la Protection Nationale. Luxembourg's national cybersecurity authority — drives the national strategy and NIS2 transposition.
ILR: Institut Luxembourgeois de Régulation. Competent NIS2 authority for digital services and critical infrastructure. Receives notifications of significant incidents.
CNPD: Commission Nationale pour la Protection des Données. The Luxembourg GDPR regulator. Personal data breaches are notified within 72h.
CIRCL: Computer Incident Response Center Luxembourg. National CERT for the non-governmental private sector — assistance, alerts, MISP.
GovCERT.lu: CERT for Luxembourg public administrations and operators of vital importance.

Authorities and regulators — Netherlands

NCSC-NL: Nationaal Cyber Security Centrum. The central Dutch cybersecurity authority and NIS2 point of contact for essential entities.
CSIRT-DSP: CSIRT for Digital Service Providers. Receives NIS2 notifications specifically from cloud providers, marketplaces, and search engines.
AP: Autoriteit Persoonsgegevens. The Dutch GDPR regulator. Personal data breaches (datalek) are notified within 72h.
DTC: Digital Trust Center. Dutch government programme that helps SMEs with cybersecurity — alerts, guides, community.

European authorities

ENISA: European Union Agency for Cybersecurity. Publishes guidelines and frameworks and coordinates national CERTs.
EDPB: European Data Protection Board. Coordinates the national GDPR regulators (DPA, CNIL, CNPD, etc.).

Regulations and frameworks

NIS2: Network and Information Security Directive 2. EU directive (2022/2555) imposing cybersecurity obligations on essential and important entities — risk management, incident notification, governance.
GDPR / RGPD: General Data Protection Regulation (in French: Règlement Général sur la Protection des Données). EU regulation (2016/679) governing personal data processing.
ISO 27001: International reference standard for Information Security Management Systems (ISMS). Certifiable.

Roles and functions

DPO: Data Protection Officer. Person responsible for GDPR compliance within the organisation. Mandatory in some cases.
CISO: Chief Information Security Officer. Responsible for the security strategy.

Documents and procedures

DPIA: Data Protection Impact Assessment. Mandatory analysis for high-risk personal data processing.
DPA (agreement): Data Processing Agreement. Contract framing personal data processing by a subcontractor. Don't confuse with the regulator (Data Protection Authority).
IRP: Incident Response Plan. Document describing who does what during an incident.
BCP: Business Continuity Plan. Plan to keep the business running despite a major disruption.
DRP: Disaster Recovery Plan. Technical plan to restore systems after a major incident.
BIA: Business Impact Analysis. Analysis identifying critical processes and dependencies, prep for BCP / DRP.

Security technologies

MFA / 2FA: Multi-Factor / Two-Factor Authentication. Strong authentication combining password + a second factor (TOTP code, USB key, biometric).
TOTP: Time-based One-Time Password. 6-digit code that changes every 30 seconds (Google Authenticator, Authy...).
EDR: Endpoint Detection & Response. Next-gen antivirus that detects suspicious behaviour on endpoints (Defender, CrowdStrike, SentinelOne...).
SIEM: Security Information & Event Management. System that centralises logs and detects suspicious patterns (Splunk, Elastic, Wazuh, CrowdSec...).
DLP: Data Loss Prevention. Tools preventing leakage of sensitive data via email, USB, or cloud.
VPN: Virtual Private Network. Encrypted tunnel for remote access to the internal network.
RBAC: Role-Based Access Control. Model where rights are granted via roles (Admin, Manager, User...) rather than individually.
SSO: Single Sign-On. One login gives access to several applications (Azure AD, Okta...).

Attacks and threats

DDoS: Distributed Denial of Service. Attack saturating a service with massive request volume to take it down.
Phishing: Fraudulent email/SMS/call impersonating a legitimate source to extract credentials, transfers, or malicious clicks.
Vishing: Phone-based phishing (voice phishing). Often targets CFOs for urgent transfer requests.
Ransomware: Malware that encrypts your data and demands a ransom for decryption.

NIS2YOU terms

Tenant: A single isolated client organisation. Each tenant has its own data, users, and configuration. Your data is never visible to another tenant.
Owner / Admin / Risk Manager / Contributor / Auditor: The 5 NIS2YOU roles, from most powerful (Owner) to read-only (Auditor).
P / I (heatmap): Probability / Impact. The two axes for scoring a risk, each on a 1-5 scale.