Training: NIS-2 for Managers
The NIS-2 Directive in a nutshell for management.
This seminar is aimed primarily at the top management level of operators of critical infrastructures, such as the board of directors or the managing directors. It provides a compact overview of the requirements and obligations arising from the NIS-2 Directive and its national implementation through the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG), and places them in the KRITIS context, i.e. the CER Directive and the KRITIS Umbrella Act on the resilience of operators of critical infrastructures, which follow an all-hazards approach covering physical security as well as cybersecurity.
At the end of the course, participants will:
- Receive a compact overview of the requirements resulting from the NIS-2 Directive and its national implementation through the current version of the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG).
- Understand how the NIS-2 Directive and the NIS2UmsuCG fit into the KRITIS context, i.e. the CER Directive and the KRITIS Umbrella Act on the resilience of operators of critical infrastructures.
- Be able to assess in detail whether their company falls within the scope of the NIS-2 Directive.
- Know which obligations management bodies must fulfil themselves, and for which breaches of duty their members are personally liable.
- Learn about the obligations for IT risk management, the registration and reporting obligations and the role of European and international standards in implementing these obligations.
- Get an overview of the supervisory and enforcement powers of the competent authorities.
- Have their own questions on the topic discussed in the workshop part of the training.
Who Should Attend?
Management bodies/management of essential and important entities, such as managing directors, board members, supervisory board members, advisory boards and senior executives.
Course Agenda
- Legal basis and legal context of the NIS-2 Directive
- Motivation and objectives of the NIS-2 Directive
- Among other things, the following questions will be answered:
- What are the implications for US businesses?
- Does my entity fall within the scope of the NIS-2 Directive?
- Which obligations must members of the management bodies fulfil themselves, and which can they delegate?
- What are the requirements for essential and important entities, and how do they differ?
- Which cybersecurity risk management measures need to be implemented?
- Which reporting obligations must be fulfilled?
- Which personal liability rules apply to members of the management bodies, and which measures can the competent authorities take against them?
Course Description
The first NIS Directive, Directive (EU) 2016/1148, was implemented very differently by the EU Member States, especially in terms of scope (i.e. which entities must comply with the Directive), the obligations to implement security measures and to report security incidents, and the supervisory and enforcement actions of the competent authorities. For this reason, the EU adopted a new version of the Directive, Directive (EU) 2022/2555, better known as the NIS-2 Directive, to achieve a more uniform implementation across Europe. NIS stands for network and information systems, whose security the Directive addresses. Compared with its predecessor, the NIS-2 Directive significantly expands the scope of application, so that roughly ten times as many entities are now affected. The obligations of entities and their management bodies have also been expanded considerably, and members of the management bodies are personally liable for their entity's breaches of the NIS-2 Directive. Obligations for entities include, for example, implementing cybersecurity risk management, reporting incidents and ensuring cybersecurity in the supply chain. In addition, the competent authorities have been given extensive supervisory and enforcement powers, which can also directly affect individuals at management level.
Methodology
Instructor-led training in a virtual classroom, i.e. the course is delivered live online. Lectures, case studies, group exercises, discussions, problem solving, worked examples with explanation, assignments and/or quizzes all take place in the virtual classroom. Participants connect to the class from any location with internet access. Each module is delivered live using webinar technology, creating a virtual classroom learning environment. The live sessions give you direct access to the trainer, so you can ask questions, work through complex concepts and share ideas with peers. A webcam and microphone are REQUIRED in order to interact with the instructor and the other participants.
The course content and structure were designed by domain experts from TÜV SÜD. Drawing on extensive experience and knowledge of the relevant standards, TÜV SÜD's team of product specialists and technical experts developed the course content based on the current business landscape and market requirements.