Procuring cyber security services

Doing it yourself or outsourcing in cyber security is a hotly debated topic in every organisation. Important questions in this context include: when is our resilience at the required level, and what are acceptable costs? While many organisations have their own security department, they virtually always face challenges in terms of personnel, money and knowledge. This document offers tools to make deliberate choices in outsourcing specific cyber security services.

Intended audience: This publication is intended for organisations that must comply with the NIS2 Directive and was created for people who play a part in controlling cyber security risk.