Internal training
Training on the requirements of the NIS2 Directive
Training based on the practical aspects and obligations arising from the new NIS2 Directive.
About the training
A one-day training course during which participants will become familiar with the key aspects of the NIS2 Directive. The course participants will gain knowledge on how to meet cybersecurity requirements. Through lectures and practical workshop exercises, they will acquire skills related to the key elements of the NIS2 Directive, including its goals, principles, and requirements concerning the protection of critical infrastructure.
The detailed scope of the training is presented below.
The goal of the training
Training objectives:
- Increasing cybersecurity awareness: The training aims to raise participants’ awareness of cybersecurity threats and the need to protect systems and data from cyberattacks.
- Understanding the NIS2 Directive: Participants should understand the key elements of the NIS2 Directive, including its goals, principles, and requirements for the protection of critical infrastructure and essential services.
- Identification and management of cybersecurity risk: The training should help participants identify and assess cybersecurity risks, as well as develop and implement effective risk management strategies.
- Security measures for business continuity: The training should provide knowledge regarding the responsibilities of organizations in implementing appropriate measures that ensure business continuity in the event of cybersecurity incidents, minimizing potential damage, and restoring normal system operations.
- Regulatory compliance: The training should assist participants in understanding how to meet legal cybersecurity requirements, including those of the NIS2 Directive, and how to avoid potential legal sanctions.
Target audience of the training
The NIS2 Directive training is aimed at employees at all management levels within organizations that are subject to, or may be subject to, new cybersecurity regulations. The course is designed to equip participants with the skills to identify, analyze, and manage risks in accordance with the requirements of the directive. It is particularly recommended for members of legal, IT, and security departments, as well as for anyone looking to expand their knowledge in the field of cybersecurity.
Although the training is open to all interested parties, we particularly encourage participation from management and board members who are directly responsible for ensuring their organization complies with the NIS2 requirements. Upon completion, participants will receive a certificate confirming the acquisition of practical knowledge aligned with Article 20(2) of the NIS2 Directive, which is essential for maintaining high standards of security and compliance within the organization.
Language of the training
The training is conducted in Polish.
However, there is the possibility of organizing the training in English upon request.
Training methodology
Achieving the appropriate training outcomes depends on selecting both the right topics and training methods tailored to the specific needs of participants and the issues addressed in the training. Below are the methods and techniques we employ:
LECTURE
We deliver knowledge to participants using dedicated teaching aids, such as multimedia presentations. This forms the theoretical foundation of the training, where we introduce the topic, explain key concepts, and describe roles, processes, procedures, etc.
PRACTICAL EXAMPLES
As practitioners, we base the training program on real-life events presented in the context of specific issues. We help participants independently reach conclusions or solutions. Our training is highly focused on practice and the development of participants’ skills.
DISCUSSION
Participants express their opinions and exchange experiences. A well-structured discussion topic, often presenting at least two opposing views, typically generates strong emotional engagement. Discussions help develop a common solution or prepare arguments on a particular issue.
BRAINSTORMING
In a short time, we generate many ideas and solutions for specific problems and situations. We engage participants, stimulating their thinking and creativity.
EXERCISES
Practical tasks related to the training subject, such as creating processes, conducting case studies, etc. These tasks effectively complement the lecture and practical examples.
TESTS
We verify participants’ knowledge and skill levels, identify any competency gaps, and plan the educational process accordingly to enhance their abilities. Depending on the nature of the training, this can be done using various tools, such as knowledge tests and practical exercises.
SIMULATIONS
Simulations provide an excellent representation of reality, where participants actively engage and experience the consequences of their actions.
SUMMARY
At the end of each topic, we summarize the material covered. This process is carried out by the trainer and allows participants to review the key points of the topic while providing an opportunity to assess their understanding.
Trainer
MONIKA SURMA
A graduate of National Security with a specialization in Crisis Management and Cybersecurity from Adam Mickiewicz University in Poznań. Lead Auditor for Information Security and Business Continuity Management Systems. Internal Auditor for Quality, Environmental, and Health & Safety Management Systems. Trainer in the areas of ISMS, risk management, cybersecurity, NIS2, and TISAX. She has carried out dozens of projects for both the public and private sectors, including conducting audits and implementing Critical Infrastructure Protection (CIP), ISO 27001, UKSC, NIS2, and TISAX standards.
Dedicated exclusively to your organization – this approach guarantees comfort and freedom to thoroughly discuss specific topics and situations within your company. We understand that every business is unique, so to help you apply the acquired knowledge effectively in your organization, we tailor the examples presented to your specific needs and business context.
Training program
Day 1
9.00-16.00
- Welcome and Introduction to the Training
- What is NIS2? Who does it apply to? – Purpose and Scope
  - Overview of the NIS2 Directive: Definition, objectives, and scope.
  - Reasons for its creation and its impact on cybersecurity at the organizational level.
  - Key changes and obligations introduced by NIS2.
  - A comparison of the current NIS Directive with the new NIS2 Directive and its reach.
- Break
- Who is affected by the new NIS2 Directive and by when must changes be implemented?
  - Key vs. important entities under NIS2.
  - Explanation of which organizations are subject to the NIS2 security requirements.
- NIS2 from an organizational perspective: What actions need to be taken?
  - Obligations of key entities vs. important entities.
  - Discussing the most important aspects and responsibilities within the organizational context.
- Cybersecurity risk management in the context of NIS2.
  - Overview of the risk management process, risk management measures in cybersecurity, and incident management.
- Break
- Security Measures for Business Continuity under NIS2
  - Obligations of entities to implement measures ensuring business continuity in the event of cybersecurity incidents, minimizing potential damage, and restoring normal system operations.
  - Overview of incident reporting requirements and procedures.
- Impact of the NIS Directive on Other Legal Acts
  - Discussion on the influence of NIS2 on other legal regulations.
  - Proposed changes to the National Cybersecurity System Act from July 2023: Presentation of key amendments and corrections made in recent months, with practical advice on how to implement these upcoming changes.
How does it work?
Step 1
REGISTRATION
In the first step, fill out the application form to express your interest in organizing dedicated training at your company.
Step 2
DATE
We will set the date and location of the training – tailored to your availability and individual expectations.
Step 3
PRICE
We will present the commercial terms for organizing the training based on the agreed parameters and number of participants.
Step 4
TRAINING
We will conduct the dedicated training according to the agreed terms.