Cite this paper as:


Cosmin-Matei MĂCĂNEAȚĂ, "Operationalizing NIS2 Compliance through SIEM-Driven Alert and Incident Management", Romanian Cyber Security Journal, ISSN 2668-6430, vol. 8(1), pp. 67-76, 2026. https://doi.org/10.54851/v8i1y202605

Romanian Cyber Security Journal / Spring 2026, No. 1, Vol. 8

Operationalizing NIS2 Compliance through SIEM-Driven Alert and Incident Management

Cosmin-Matei MĂCĂNEAȚĂ


Abstract

The NIS2 Directive (EU) 2022/2555 tightens cybersecurity obligations for organisations, with a focus on operators of critical services. To meet the new requirements, organisations must be able to monitor, detect and report cyber incidents effectively. Security Information and Event Management (SIEM) solutions from leading providers are designed to collect and monitor activity on IT systems in order to detect and process security threats quickly. This article explains how SIEM systems handle alerts and incidents in Security Operations Centres (SOCs): in particular, how they deal with false positives, the mechanisms behind alert fatigue, how events are correlated, and how incident investigations are conducted. We also illustrate how these standard functions help organisations meet the requirements of the NIS2 Directive and strengthen their security operations in general.
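The abstract names three SIEM mechanisms (event correlation, false-positive control and alert-fatigue suppression) and the NIS2 reporting duty without showing how they fit together. The following is an added worked example, not code from the paper, in which a small correlation engine runs over constructed key=value authentication and IDS log lines: isolated login failures produce no alert, a burst of failures from one source against one account raises a medium alert, a success after such a burst is escalated to a high-severity incident, identical low-severity alerts are collapsed within a deduplication window, and the reporting clock for the escalated incident is derived from the NIS2 Article 23 deadlines (24 hours for the early warning, 72 hours for the incident notification, one month for the final report, approximated here as 30 days). The log format, field names, thresholds and windows are assumptions chosen for the example, not the paper's.

```python
"""Toy SIEM-style alert correlation over constructed log lines (added example,
not from the paper). Log format, thresholds and windows are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: a brute-force burst against 'alice' followed by a
# success, two isolated failures for 'bob', and a noisy repeated IDS alert.
SAMPLE_LINES = [
    "2026-03-01T08:00:01Z host=web01 user=alice src=203.0.113.5 action=login result=fail",
    "2026-03-01T08:00:02Z host=web01 user=alice src=203.0.113.5 action=login result=fail",
    "2026-03-01T08:00:03Z host=web01 user=alice src=203.0.113.5 action=login result=fail",
    "2026-03-01T08:00:04Z host=web01 user=alice src=203.0.113.5 action=login result=fail",
    "2026-03-01T08:00:05Z host=web01 user=alice src=203.0.113.5 action=login result=fail",
    "2026-03-01T08:00:09Z host=web01 user=alice src=203.0.113.5 action=login result=success",
    "2026-03-01T08:00:10Z host=web01 user=bob src=198.51.100.7 action=login result=fail",
    "2026-03-01T08:30:00Z host=web01 user=bob src=198.51.100.7 action=login result=fail",
    "2026-03-01T08:30:01Z host=ids01 src=192.0.2.9 action=portscan result=detected",
    "2026-03-01T08:30:02Z host=ids01 src=192.0.2.9 action=portscan result=detected",
    "2026-03-01T08:30:03Z host=ids01 src=192.0.2.9 action=portscan result=detected",
]

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line: str) -> dict:
    """Parse 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, TS_FMT)}
    for pair in pairs:
        key, value = pair.split("=", 1)
        event[key] = value
    return event


def correlate(lines, threshold=5, window=timedelta(seconds=60),
              dedup_window=timedelta(minutes=10)):
    """Return (alerts, suppressed_count).

    Rules (assumed for the example):
      * >= threshold failed logins for one (src, user) inside `window`  -> medium
      * a successful login while such a burst is still in the window    -> high
      * any port scan                                                   -> low
    Fewer than `threshold` failures never alert (false-positive control).
    A repeat of the same alert key inside `dedup_window` is counted as
    suppressed instead of emitted (alert-fatigue control).
    """
    alerts, suppressed = [], 0
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    last_emitted = {}               # alert key -> time of last emitted alert

    def emit(ts, key, severity, summary):
        nonlocal suppressed
        prev = last_emitted.get(key)
        if prev is not None and ts - prev < dedup_window:
            suppressed += 1
            return
        last_emitted[key] = ts
        alerts.append({"ts": ts.strftime(TS_FMT), "severity": severity, "summary": summary})

    for line in lines:
        ev = parse_line(line)
        ts = ev["ts"]
        if ev.get("action") == "login":
            key = (ev["src"], ev["user"])
            recent = failures[key]
            while recent and ts - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if ev["result"] == "fail":
                recent.append(ts)
                if len(recent) >= threshold:
                    emit(ts, ("bruteforce",) + key, "medium",
                         f"{len(recent)} failed logins for {ev['user']} from {ev['src']}")
            else:
                if len(recent) >= threshold:
                    emit(ts, ("compromise",) + key, "high",
                         f"successful login for {ev['user']} from {ev['src']} after {len(recent)} failures")
                recent.clear()
        elif ev.get("action") == "portscan":
            emit(ts, ("portscan", ev["src"]), "low", f"port scan from {ev['src']}")
    return alerts, suppressed


def reporting_deadlines(detected_at: str) -> dict:
    """NIS2 Art. 23 clock from the detection timestamp: 24 h early warning,
    72 h incident notification, final report within one month (30 days here)."""
    t0 = datetime.strptime(detected_at, TS_FMT)
    return {
        "early_warning": (t0 + timedelta(hours=24)).strftime(TS_FMT),
        "incident_notification": (t0 + timedelta(hours=72)).strftime(TS_FMT),
        "final_report": (t0 + timedelta(days=30)).strftime(TS_FMT),
    }


if __name__ == "__main__":
    found, dropped = correlate(SAMPLE_LINES)
    for a in found:
        print(a["ts"], a["severity"].upper(), a["summary"])
    print(f"{dropped} duplicate alert(s) suppressed")
    for a in found:
        if a["severity"] == "high":
            print("reporting deadlines:", reporting_deadlines(a["ts"]))
```

Running the block yields one medium, one high and one low alert from eleven events, with two duplicate port-scan alerts suppressed and no alert at all for the two isolated failures; the high alert carries the reporting deadlines a SOC would track for the NIS2 notifications. In a production SIEM the same logic is usually expressed as correlation rules with per-rule thresholds, windows and throttling, but the shape of the decision is the one shown here.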

Keywords

SOC, Alert Correlation, Cybersecurity Monitoring, Incident Management, NIS2 Directive, SIEM
