Day 1: Introduction to the fundamental concepts and definitions of the NIS 2 Directive
Section 1: Training course objectives and structure
- Introduction
- General information
- Learning objectives
- Educational approach
- Examination and certification
- About PECB
Section 2: Standards and regulatory frameworks
- ISO standards
- Digital Markets Act
- Digital Services Act
- Digital Operational Resilience Act
- EU Cybersecurity Act
- European Cyber Resilience Act
- Data Governance Act
- GDPR
- NIST Cybersecurity Framework
- CIS Controls
- Payment Services Directive 2
- NIS Directive
- NIS 2 Directive
Section 3: Introduction to the NIS 2 Directive
- NIS 2 Directive structure, objectives, and subject matter
- Scope of the NIS 2 Directive
- NIS Directive and NIS 2 Directive
- The impact of the NIS 2 Directive
- Essential and important entities
- Transposition
- Administrative fines
- Important EU organizations
- NIS 2 Directive definitions
Section 4: NIS 2 Directive requirements
- Overview of NIS 2 Directive requirements
- Competent authority and single point of contact
- National cyber crisis management frameworks
- Cybersecurity risk management measures
- Union-level coordinated security risk assessments of critical supply chains
- Reporting obligations
- Use of European cybersecurity certification schemes
- General aspects concerning supervision and enforcement
Section 5: Cybersecurity governance
- Cybersecurity governance
- National cybersecurity strategy
- Security policies
- Regulatory and compliance requirements
Section 6: Cybersecurity roles and responsibilities
- Organizational structure
- Roles and responsibilities of involved parties
- Leadership and project approval
- The cybersecurity team
Day 2: NIS 2 Directive requirements for the implementation of a cybersecurity program
Section 7: Risk management
- Establishing the context
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
- Communication and consultation
- Recording and reporting
- Monitoring and review
Section 8: Cybersecurity controls
- Human resources security
- Types of access controls
- Use of cryptography
- Secure authentication
- Security of network services
- Supply chain security
- Strengthening supply chain cybersecurity measures
Section 9: Awareness, training, and communication
- Definition of competence
- Determining competence needs
- Competence development activities
- Competence development program type and structure
- Training delivery and evaluation
- Cybersecurity awareness and strategy
- Cybersecurity awareness plan
- NIS 2 Directive requirements for communication
Section 10: Incident management and crisis management
- NIS 2 Directive requirements for incident management
- Plan and prepare
- Detect and report
- Assess and decide
- Respond
- Learn lessons
- NIS 2 Directive requirements for crisis management
- Organizational leadership in crisis management
Section 11: Measuring, monitoring, and reporting performance and metrics
- Measurement objectives
- What needs to be monitored and measured
- Monitoring cybersecurity
- Performance indicators
- The frequency and method of monitoring and measurement
- Reporting the results
Section 12: Conclusion of the training course
- PECB certification scheme
- PECB certification process
- Other PECB services
- Other PECB training courses and certifications