Einheitliche Vorgaben, heterogene Praxis: Potenziale der NIS2-Umsetzung in einer öffentlichen Verwaltung
摘要
The implementation of the NIS2 Directive requires an integrated understanding of information and cyber security that combines strategic governance, rule-based compliance, technical measures, and targeted competence development. Governance, compliance, IT, and training are complementary dimensions of an organizational security level. While the directive sets a binding horizon at the EU level, its translation into federal structures collides with heterogeneous administrative cultures, political objectives, and notions of competence. Based on a comparative case study, the paper demonstrates how NIS2 serves as a normative framework to critically reflect on implementation, awareness, and structures in a German state administration. The analysis highlights cooperation potentials, responsibilities, and divergent interpretations. The aim is to explore the potential and limits of security organization in public administrations and to provide impulses for a more cooperative approach to security responsibilities. The study shows that complex coordination requirements and resource scarcity can hinder implementation, while also providing starting points for interventions through cooperative governance.