NIS2 Preparation – IT Security Assessment for Városgazda XVIII. Kerület Nonprofit Zrt. and Városrehab18 Nonprofit Zrt.

NIS2 Preparation – IT Security Assessment for Városgazda XVIII. Kerület Nonprofit Zrt. and Városrehab18 Nonprofit Zrt. – In Line with the NIS2 Directive
Athalie Consulting, in partnership with Gill & Murry, carried out an IT security assessment for Városgazda XVIII. Kerület Nonprofit Zrt. and Városrehab18 Nonprofit Zrt. The goal was to evaluate their current security posture. In addition, we provided guidance to help them meet the requirements of the NIS2 directive taking effect in 2024.
What is NIS2 and What Does NIS2 Preparation Involve?
NIS2 (Network and Information Systems Directive 2) is the European Union’s updated cybersecurity directive. It introduces stricter IT security and incident response obligations for organizations in essential and important sectors. The aim is to ensure a unified and high level of protection across the EU.
This is especially important for public services, such as municipal institutions. The directive focuses on prevention, detection, response, and increased resilience.
During preparation, Athalie Consulting and Gill & Murry assess how well an organization meets these expectations. We review the IT security framework and incident handling practices. Most importantly, we help ensure that companies avoid penalties during a future NIS2 audit.
Assessment Scope and Key Areas
The assessment included a wide range of systems and services:
- Linux Servers: We reviewed Debian and Ubuntu systems. We paid special attention to update management, exposed services, and access control settings.
- Microsoft Infrastructure: We assessed Windows Servers with MSSQL databases, along with Windows 10 and 11 clients. In this area, we focused on patch management, antivirus protection, domain policies, and configuration compliance.
- NAS Devices: We checked firmware versions, configuration settings, and security for internet access.
- Microsoft 365: We evaluated multi-factor authentication, access rights, and audit log availability.
- SZTFH Registration Data: We used public IPs, domain names, and service lists to map potential attack surfaces.
- Websites: We examined several WordPress-based sites. Here, we looked for outdated plugins, insecure themes, missing HTTPS certificates, and the lack of ongoing maintenance.
- Custom Web Applications: Using SAST and DAST tools, we scanned source code and runtime behavior to detect vulnerabilities.
- Domain Controller: We analyzed the security of the central authentication system. Since this is a critical network component, we gave it extra focus.
Findings and Recommendations
We found several areas where security practices were strong. However, there were also opportunities for improvement. For instance, we recommended better software update routines and stricter controls for external access.
Moreover, we strongly advised implementing regular cybersecurity awareness training for employees.
Conclusion
Meeting NIS2 requirements brings new challenges for the public and nonprofit sectors. However, the example of Városgazda XVIII. Kerület Nonprofit Zrt. and Városrehab18 Nonprofit Zrt. shows that timely preparation pays off.
With expert support and a structured approach, organizations can start this journey smoothly. Athalie Consulting and our partner, Gill & Murry, are committed to delivering tailored and future-proof security solutions.
Is your organization covered by NIS2? Want to avoid penalties at the next audit?
Let’s talk. We’ll help you uncover vulnerabilities and strengthen your defenses.
📩 Contact us today – and let’s build a more secure future together.