Home Page
About the Journal
Mission and goals of the Journal
Editorial
The scientific board of the journal
The ethical principles applicable in the journal
Copyright, sharing, archiving
Plagiarism detection system
Journal Issues
Database of knowledge
The NIS2 Directive
The DSA Regulation
The DNS Identity Report by ENISA
Contact
Author Guidelines
Review process
Review procedure
Reviewers
ARTICLES / RESEARCH PAPER
NIS 2 Directive
AS A TOOL FOR STRENGTHENING LOCAL AND NATIONAL SECURITY
IN THE AREA OF CYBER THREATS
1
Katedra Fizjoterapii Klinicznej
Zakład i oddz. Kliniczny Fizjoterapii w Neurologii, Akademia Wychowania Fizycznego im. Jerzego Kukuczki w Katowicach, Polska
2
Katedra nauk o bezpieczeństwie i prawa, Akademia Wychowania Fizycznego w Katowicach, Polska
Submission date: 2025-10-30
Final revision date: 2025-12-06
Acceptance date: 2025-12-09
Publication date: 2025-12-09
Corresponding author
Bartosz Głowacki
Katedra nauk o bezpieczeństwie i prawa, Akademia Wychowania Fizycznego w Katowicach, Mikołowska 72a, Katowice, Polska
Katedra nauk o bezpieczeństwie i prawa, Akademia Wychowania Fizycznego w Katowicach, Mikołowska 72a, Katowice, Polska
dot.pl 2025;(I)
KEYWORDS
TOPICS
ABSTRACT
Abstract (ENG)
The NIS2 Directive and the amended Polish National Cybersecurity System Act introduce more stringent requirements regarding risk management, incident reporting, and executive accountability. This article examines the implications of these regulations for local and national security, with particular emphasis on critical infrastructure and essential services at the municipal level. Based on an analysis of legal acts, industry reports, and scientific literature, the study evaluates the organizational maturity of obligated entities and identifies key implementation challenges. The findings demonstrate that the effectiveness of Directive NIS2 is highly dependent on institutional capacity, the availability of local resources, and the robustness of national oversight mechanisms.
REFERENCES (35)
1.
Alhassan, I., Sammon, D., & Daly, M. (2020). Critical success factors for incident response capability in public sector organizations. Government Information Quarterly, 37(4), 101–112. https://doi.org/10.1016/j.giq....; s. 105–107.
2.
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/j.cose...; s. 5–7.
3.
Bada, A., & Nurse, J. R. C. (2019). Developing cybersecurity education and awareness programmes for a security ecosystem. Information & Computer Security, 27(2), 224–242. https://doi.org/10.1108/ICS-04...; s. 230–233.
4.
Biznes.gov.pl. . (2024). Walka z cyberprzestępczością – nowe obowiązki firm w dyrektywie NIS2. Warszawa: Ministerstwo Rozwoju i Technologii; s. 2–3.
6.
Culot, G., Nassimbeni, G., Podrecca, M., & Sartor, M. (2021). The ISO/IEC 27001 information security management standard: Literature review and theory-based research agenda. The TQM Journal, 33(7), 76–105. https://doi.org/10.1108/TQM-09...; s. 90–92, 91–92.
7.
Deloitte. (2024). Cyberbezpieczeństwo w administracji publicznej: Wyzwania i rekomendacje. Warszawa: Deloitte Polska; s. 12–14. — tamże, s. 14–16.
8.
ENISA. (2023). Incident Response in the Public Sector: Guidelines for NIS2 Implementation. Athens: European Union Agency for Cybersecurity; s. 12–16.
9.
ENISA. (2023). Threat Landscape 2023. Athens: European Union Agency for Cybersecurity; s. 22–25.
11.
European Union. (2022). Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2 Directive). Official Journal of the European Union, L 333, 80–152. https://eur-lex.europa.eu/lega... — tamże, s. 82–85. — tamże, s. 95–100. — tamże, s. 101–104. — tamże, s. 105–108. — tamże, art. 21, art. 21–23, art. 23–28.
12.
European Union Agency for Cybersecurity (ENISA). (2023). Risk Management Guidelines for the Public Sector. Athens: ENISA; s. 15–18.
13.
European Union Agency for Cybersecurity (ENISA). (2025). ENISA Threat Landscape 2025 Report. Athens: ENISA; s. 18–20.
14.
Gartner. (2021). Best Practices for Business Continuity and Disaster Recovery Testing. Stamford: Gartner Research; s. 7–9.
15.
Hadlington, L., & Parsons, K. (2017). Human factors in cybersecurity: Examining the role of human error in the public sector. Journal of Information Security and Applications, 34, 41–52. https://doi.org/10.1016/j.jisa...; s. 45–46.
16.
Hossain, S. T., Yigitcanlar, T., Nguyen, K., & Xu, Y. (2024). Understanding local government cybersecurity policy: A concept map and framework. Information, 15(6), 342. https://doi.org/10.3390/info15.....
17.
IBM. (2023). Cost of a Data Breach Report 2023. IBM Report: Half of Breached Organizations Unwilling to Increase. https://newsroom.ibm.com/2023-....
18.
ISO. (2019). ISO 22301:2019 Security and resilience – Business continuity management systems – Requirements. Geneva: International Organization for Standardization; s. 12–18.
19.
Kankanhalli, A., & Lim, J. (2022). Building cyber resilience in public sector organizations: The role of ISO/IEC 27001. Government Information Quarterly, 39(3), 101–118. https://doi.org/10.1016/j.giq....; s. 106–107.
20.
KPMG. (2024). Barometr cyberbezpieczeństwa 2024: Na fali, czy w labiryncie regulacji? Warszawa: KPMG Polska; s. 27–28.
21.
Kozakiewicz, A., & Nowak, J. (2023). Zarządzanie bezpieczeństwem informacji w administracji publicznej w kontekście dyrektywy NIS2. Zeszyty Naukowe Politechniki Śląskiej. Organizacja i Zarządzanie, 167, 85–96; s. 90–92, 91–93, 92–94.
22.
Kulesza, J. (2019). Rola inspektora ochrony danych w administracji publicznej. Przegląd Prawa Publicznego, 11(5), s. 28–30.
23.
Logical Systems Inc. (2021). Security incident at Oldsmar Water Treatment Plant and lessons learned. Oldsmar, FL: Logical Systems Inc; s. 1–2.
24.
Ministerstwo Cyfryzacji. (2024). Projekt nowelizacji ustawy o krajowym systemie cyberbezpieczeństwa – implementacja dyrektywy NIS2. Warszawa: Gov.pl.; s. 1–3. — tamże, s. 3–4.
25.
Ministerstwo Cyfryzacji. (2025). Cyberzagrożenia w Polsce 2025: Najczęściej atakowana infrastruktura krytyczna. Mikrokontroler.pl. . https://mikrokontroler.pl/2025... (s. 1–2: wzrost liczby incydentów o 60%, w tym ataki na administrację publiczną, transport i ochronę zdrowia).
26.
NASK. (2024). Raport o stanie bezpieczeństwa cyberprzestrzeni RP 2023. Warszawa: NASK; s. 40–45, 42–44, 43–45.
27.
NASK. (2024). Nowelizacja ustawy o krajowym systemie cyberbezpieczeństwa: Najważniejsze zmiany dla podmiotów. Warszawa: NASK; s. 3–5.
28.
OECD. (2001). Public Sector Leadership for the 21st Century. Paris: OECD Publishing; s. 33–36. https://doi.org/10.1787/978926.....
29.
OECD. (2020). The OECD Digital Government Policy Framework: Six dimensions of a Digital Government. OECD Public Governance Policy Papers, No. 2. Paris: OECD Publishing. https://doi.org/10.1787/f64fed...; s. 18–20.
30.
OECD. (2023). Cybersecurity Policy Framework for Local Governments. Paris: Organisation for Economic Co-operation and Development; s. 12–15.
31.
OECD. (2023). Digital resilience in local public services. Paris: OECD Publishing; s. 27–29. https://doi.org/10.1787/978926.....
32.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Boca Raton: Auerbach Publications; s. 45–47.
33.
Proofpoint. (2023). Human Factor Report 2023. Sunnyvale, CA: Proofpoint Inc; s. 8–10.
34.
Ruohonen, J. (2024). A systematic literature review on the NIS2 Directive. arXiv preprint arXiv:2412.08084; s. 7–8.
35.
Wallis, T., & Dorey, P. (2024). Collaboration practices for the cybersecurity of supply chains to critical infrastructure. Applied Sciences, 14(13), 5805. https://doi.org/10.3390/app141...; s. 3–4.
Share
RELATED ARTICLE
| ISSN: | 2957-2150 |
Publisher
NASK – National Research Institute
Kolska Street 12
01-045 Warsaw, Poland
www.nask.pl; www.dns.pl
E-mail: kontakt@journaldot.pl
Kolska Street 12
01-045 Warsaw, Poland
www.nask.pl; www.dns.pl
E-mail: kontakt@journaldot.pl
© 2006-2025 Journal hosting platform by Bentus
We process personal data collected when visiting the website. The function of obtaining information about users and their behavior is carried out by voluntarily entered information in forms and saving cookies in end devices. Data, including cookies, are used to provide services, improve the user experience and to analyze the traffic in accordance with the Privacy policy. Data are also collected and processed by Google Analytics tool (more).
You can change cookies settings in your browser. Restricted use of cookies in the browser configuration may affect some functionalities of the website.
You can change cookies settings in your browser. Restricted use of cookies in the browser configuration may affect some functionalities of the website.
