Awareness training focused on NIS2 directive

What is the NIS 2 Directive?

The NIS 2 Directive, officially known as the "Network and Information Security (NIS2) Directive", was published in the EU Official Journal on 27 December 2022 and entered into force on 16 January 2023. This directive specifically targets critical infrastructure operators and essential service providers by enforcing robust cyber security measures and prompt reporting of incidents to relevant authorities. EU member states are required to transpose it into national law by October 2024.

The NIS-2 directive strengthens cybersecurity requirements and sanctions, with the aim of harmonizing and increasing security levels in member states. It introduces stricter requirements for various sectors, covering aspects such as cyber risk management, control and monitoring, incident response and business continuity. In addition, the directive widens its scope to include more organizations by introducing stricter liability rules for their managers.

Why is the NIS 2 Directive important to you?

In today's fast-paced digital age, when organizations face complex cyber threats, the importance of robust cyber security measures is undeniable. The NIS 2 Directive is being established as key legislation providing a comprehensive framework to strengthen the cyber defences of organizations in sectors such as energy, transport, banking, healthcare and digital services. Following its requirements allows organizations to reduce risks, protect sensitive data, and benefit from improved defences against cyberattacks, better incident response capabilities, and overall increased security.

NIS 2-prepared organizations will demonstrate a deep understanding of the directive's requirements, implementation strategies and best practices for protecting critical infrastructure from cyber threats. With this knowledge, they will be able to rely on effective cyber threat management and the implementation of appropriate measures, while ensuring compliance with the NIS 2 Directive.

What are the benefits of the NIS 2 training course?

NIS 2 training focuses on the framework of the Directive itself. It is based on an in-depth analysis of key principles, requirements and compliance measures related to it.

  • Understanding the framework of the NIS 2 Directive, its principles and requirements
  • Interpreting the framework of the NIS2 Directive
  • Identifying critical infrastructure
  • Developing effective implementation strategies
  • Acquiring a solid knowledge base in cybersecurity risk management, incident management, compliance requirements and best practices
  • Developing the skills to effectively communicate cybersecurity concepts and strategies to stakeholders at all levels of the organization
  • Gaining an advanced ability to assess and mitigate cybersecurity risks, allowing you to contribute to the overall security of the organization

The training will help participants understand the requirements of the NIS2 Directive, the role of competent authorities and the measures needed to ensure effective cyber security in organisations.

They will also learn to create incident response plans, carry out risk assessments and ensure compliance with the NIS2 Directive.

By the end of the training, participants will have the necessary skills and knowledge to effectively manage the implementation of the NIS2 Directive within their organization.


Target audience for NIS 2 training

IT Security Specialists

IT security professionals need to understand cybersecurity principles and practices, along with the technical skills needed to implement the NIS2 Directive. This includes expertise in network security, secure coding, incident response and risk management. Knowledge of EU data protection laws is also important for compliance. The NIS2 directive has a major impact on the role of IT security professionals, focusing more on proactive risk management and incident reporting.

Competent authorities and regulators

The NIS2 Directive has been amended. This affects the competent authorities and regulators in the EU. They need to accommodate the wider range of critical sectors and web services. New incident notification requirements are also being introduced.

To understand and implement the NIS2 Directive, they can participate in training and upskilling programmes. These programs focus on new regulations, risk management and incident response techniques.

Cyber Security Consultants

Cybersecurity consultants help businesses and organizations address cybersecurity challenges and enable business processes in a secure manner. Cyber threats are becoming more advanced, so consultants are important in detecting and mitigating risks. They create customized solutions to protect data, stop unauthorized access and comply with regulations. Consultants continue to learn about new threats and solutions by attending trainings, industry events and conducting research. This helps them provide effective advice.

All employees who are critical to the business and deal with digital information

Everyone who deals with information security and digital data is crucial to the organization. Now more than ever, the weakest link in the chain is the human. To secure the human, you need to provide them with relevant, up-to-date education and awareness training. There are multiple ways to engage all employees and rapidly increase their security knowledge and skill set.

How do I start training under the NIS 2 directive?

Improve your knowledge and skills in the NIS 2 Directive through our customized training program. Our team of experts is dedicated to helping you gain specific knowledge and skills under the NIS 2 Directive. A certificate is issued to those who have completed the training.

Use the contact form to start NIS 2 training without undue delay.

Network and Information Security 2

Network and Information Security 2 (NIS 2 assessment or audit) compliance assessment - Directive 2020/0359 COM(2020) 823 Directive (EU) 2022/2555

The Network and Information Security Directive 2 (NIS 2) (full name: "Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high general level of cyber security in the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (NIS 2 Directive)") is the first part of pan-European cybersecurity legislation. Its specific goal is to achieve a high general level of cyber security in the member states of the European Community.

NIS 2 will set the baseline for cybersecurity risk management measures and reporting obligations in all sectors covered by the directive, such as energy, transport, healthcare and digital infrastructure.

The revised directive aims to remove differences in cybersecurity requirements and the implementation of cybersecurity measures across Member States. To achieve this, it lays down minimum rules for a regulatory framework and sets out mechanisms for effective cooperation between the relevant authorities in each Member State. It updates the list of sectors and activities subject to cybersecurity obligations and provides remedies and sanctions to ensure compliance.

The directive will formally establish the European Cyber Crisis Liaison Network, EU-CyCLONE, which will support the coordinated management of large-scale cyber security incidents.

The measures are based on an "all-hazards approach" that aims to protect network and information systems and the physical environment of those systems from incidents and include "at least" the following:

  • a) policies for risk analysis and information system security;
  • b) incident handling;
  • c) business continuity, such as backup and disaster recovery management and crisis management;
  • d) supply chain security, including security-related aspects relating to the relationship between each entity and its direct suppliers or service providers;
  • e) security in the acquisition, development and maintenance of network and information systems, including processing and disclosure of vulnerabilities;
  • f) policies and procedures for assessing the effectiveness of cybersecurity risk management measures;
  • g) basic cyber hygiene practices and cyber security training;
  • h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;
  • i) human resources security, access control and asset management policies;
  • j) the use of multi-factor authentication or continuous authentication solutions, secure voice, video and text communications and secure emergency communication systems in the entity, where appropriate.

Deadlines: By 17 October 2024, Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive. They shall apply these measures from 18 October 2024. Directive (EU) 2016/1148 (the NIS Directive) is repealed with effect from 18 October 2024.

Important information: According to Article 20 (Governance), the governing bodies of major and important entities must approve the cybersecurity risk management measures taken by those entities, monitor their implementation, and "may be held liable for violations." Article 34(4) of NIS 2 provides for the following fines: Member States shall ensure that, where they breach Article 21 or 23, the main entities are subject, in accordance with paragraphs 2 and 3 of this Article, to administrative fines of at least 10,000,000 EUR or to a maximum of at least 2 % of the total worldwide annual turnover in the previous financial year of the enterprise to which the main entity belongs, whichever is higher.

According to Article 20, Member States shall ensure that "members of the management bodies of essential and important entities are obliged to undergo training" and shall encourage essential and important entities to offer such training to their employees on a regular basis, so that they acquire sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk management practices and their impact on the services provided by the entity.

Important note for non-EU entities: According to Article 26 (Jurisdiction and Territoriality), if an entity is not established in the EU but offers services within the EU, it appoints a representative in the EU. The representative is established in one of the Member States where the services are offered. Such an entity is deemed to fall under the jurisdiction of the Member State in which the representative is established. In the absence of a representative, any Member State in which the entity provides services may take legal action against the entity for breach of this Directive.


What can we do for you and what services do we offer regarding the Network and Information Security 2 (NIS 2) Directive 2020/0359 COM(2020) 823 Directive (EU) 2022/2555 (NIS 2)?

  • a. Comprehensive verification and diagnosis of your compliance with the Network and Information Security 2 (NIS 2) Directive 2020/0359 COM(2020) 823 Directive (EU) 2022/2555 (NIS 2). (NIS 2 gap analysis)
  • b. Security consulting on inconsistencies and findings already discovered, and on how best to tackle these deficiencies.
  • c. Trainings and seminars aimed at familiarizing staff with the Network and Information Security 2 (NIS 2) Directive 2020/0359 COM(2020) 823 Directive (EU) 2022/2555 (NIS 2).
  • d. The option to purchase a ready-made questionnaire prepared by us, which you can use to identify and analyze your own environment and determine for yourself the differences between your organization and the standard. The questionnaire is easy and convenient to use and can be conducted as an internal audit by your organization. If necessary, you can combine this service with our consulting service to achieve the best and most effective results.

Compliance with the Network and Information Security 2 (NIS 2) Directive 2020/0359 COM(2020) 823 Directive (EU) 2022/2555 (NIS 2) is a vital step in your development in response to the rising threats associated with the integrity, confidentiality and availability of the information at the right time for you!

Reduce your information security risk to a level acceptable to you, and trust our many years of experience in providing information security consulting services. If you have any questions or need advice on NIS 2, please contact us.