Ozona Consulting · ISO 20000, ISO 27001, ISO 22301 consultancy

NIS2 Fundamentals Training

Directive (EU) 2022/2555, known as NIS2, strengthens the cybersecurity of essential and important entities in the European Union. It expands the scope of the first NIS Directive and introduces new obligations regarding cybersecurity risk management, incident notification, governance and management responsibilities.

This training introduces the fundamental aspects of NIS2: scope of application (essential and important entities), technical and organisational obligations, notification duties, board responsibilities, supervision and sanctions regime.

The course is useful for both senior management and technical and compliance teams that must prepare the entity for compliance with the directive.

KEY FEATURES OF THE COURSE

SCOPE AND CATEGORIES

Identification of essential and important entities and sectors in scope.

TECHNICAL OBLIGATIONS

Risk management measures, technical and organisational controls, digital supply chain.

GOVERNANCE AND NOTIFICATION

Board responsibilities, notification duties and sanctions regime.

TARGET AUDIENCE

  • Members of the management body of essential and important entities
  • CISO and information security officers
  • IT, risk, compliance and internal audit managers
  • Digital supply chain managers
  • Legal advisors and consultants in regulatory cybersecurity

No prior knowledge required. Level: introductory.

COURSE DETAILS

DURATION AND FORMAT

8 hours, in one day (8h) or two online sessions of 4 hours. Live online or on-site format, in-company or multi-client.

LANGUAGE AND MATERIALS

Course in Spanish. Course manual in electronic PDF format.

CERTIFICATE

Attendance certificate upon completion of the course.

WHAT IS INCLUDED?

  • Training
  • Course manual in electronic PDF format
  • Attendance certificate

COURSE PROGRAMME

8 hours distributed across 3 blocks.

BLOCK 1 · INTRODUCTION TO NIS2

  • European regulatory context and national transposition.
  • Differences between NIS (2016) and NIS2 (2022).
  • Scope of application: essential and important entities.
  • Sectors in scope, size thresholds and exceptions.
  • Relationship with DORA, CER, ENS and GDPR.

BLOCK 2 · RISK MANAGEMENT OBLIGATIONS

  • Mandatory technical, operational and organisational measures.
  • Cybersecurity risk management: analysis and treatment.
  • Digital supply chain: due diligence and contractual clauses.
  • Business continuity and crisis management.
  • Encryption, authentication and access management policies.

BLOCK 3 · GOVERNANCE, NOTIFICATION AND SUPERVISION

  • Responsibilities of the management body.
  • Notification duties: early warning, incident notification, intermediate and final report.
  • Deadlines and competent authorities.
  • Sanctions regime and supervision.
  • Adaptation plan and implementation roadmap.
