NIS-2 for the executive board, management and management level

Context of the NIS 2 regulation, obligations for management, risk analysis, and risk management measures pursuant to Section 38 BSIG

This training is held in German.
The NIS 2 Directive and the NIS 2 Implementation Act introduce stricter information security obligations for "important" and "particularly important" institutions. An important element is the training obligation for management anchored in Section 38 of the BSIG: Members of management must regularly acquire sufficient knowledge to recognize and assess risks, risk management measures, and the effects of risks and measures on the services provided.

This training is specifically tailored to the perspective of management and top management. It conveys the context of the NIS 2 regulation (NIS 2 Directive and German NIS 2 Implementation Act, in particular the BSIG), the overarching obligations for the institution itself and in particular for management, highlights liability risks and compliance obligations, and also focuses on the risk analysis required by law, the standardized risk management measures, and the potential impact of risks and risk management measures on the company itself. The content is based on the BSI's guidelines on training requirements pursuant to Section 38 (3) BSIG and supports participants in demonstrably fulfilling their responsibilities in the area of information security.

Contents

Legal framework: NIS 2 Directive and BSIG

  • Overview of the NIS-2 Directive and the amended BSIG.
  • Classification of the terms KRITIS, "important" and "particularly important" institutions.
  • Role of management in implementing, monitoring, and verifying risk management measures.
  • Overview of liability risks and sanctions framework.

Core area 1: Risk analysis from the perspective of management

  • What a risk analysis according to NIS-2/BSIG must achieve – without technical details.
  • Typical threats and damage scenarios from a management perspective.
  • Reading and understanding risk reports: What questions should management ask?
  • Anchoring risk analysis in risk management and corporate strategy.

Core area 2: Risk management measures and minimum requirements

  • Requirements for risk management measures in accordance with the NIS 2 Directive and Section 30 BSIG.
  • Overview of typical technical and organizational measures (TOM) and management tasks.
  • Role of management: setting targets, allocating resources, prioritizing, and monitoring.

Core area 3: Impact of risks and measures on the services provided

  • What impact can security incidents have on operations, production, services, reputation, and finances?
  • Evaluation of measures from a business perspective: economic efficiency, proportionality, residual risk.
  • Dealing with residual risks: documentation, communication, and decision-making in senior management.

Roles, responsibilities, and effective delegation

  • Delineation of tasks: What must remain at the management level, and what can be delegated?
  • Collaboration with CISO/ISB, IT management, data protection, compliance, and risk management.
  • Requirements for reporting channels, controls, and documentation.

Implementation in practice: From the legal framework to your own governance

  • Practical examples of security incidents and management liability.
  • Deriving a separate roadmap for management: Which issues should be addressed in the short, medium, and long term?
  • Documentation of training and management decisions made as a component of fulfilling documentation requirements.

Note on mandatory training
This training helps members of management fulfill their training obligations under Section 38(3) BSIG. The content is based on the BSI guidelines on mandatory training under Section 38(3) BSIG.

Learning environment

In your online learning environment, you will find useful information, downloads and extra services for this training course once you have registered.

Your benefit

Clarity regarding management responsibilities:

  • The requirements of NIS-2 and, in particular, Section 38 BSIG for management are understood.

Expertise in risk analysis and risk management:

  • You will acquire the necessary knowledge to read and question risk analyses and assess the appropriateness of risk management measures—without having to be technical yourself.

Awareness of the impact of risks:

  • The impact of risks and measures taken on the services provided by companies can be better assessed in order to make more informed decisions.

Identifying and managing liability risks:

  • An overview of personal liability risks is provided, and it is shown how governance structures, delegation, and evidence should be designed to reduce these risks.

Verifiable continuing education of management:

  • Participation proves that the obligation to undergo regular training in the field of information security in accordance with Section 38 BSIG has been fulfilled. This includes questions that must subsequently be answered within the company. 

Methods

Lecture and presentation from a management perspective, specific case studies and scenarios, discussion of practical questions from participants, answering individual questions.

Recommended for

The training is aimed at members of management, board members, managing directors, and other persons in senior management positions at companies and institutions that fall under the categories of "important" or "particularly important" institutions within the meaning of NIS-2 (and here, in particular, the BSIG).

According to Section 2 (13) BSIG, "management" refers to a natural person who is appointed by law, articles of association, or partnership agreement to manage the business and represent a particularly important institution or important institution.

Detailed technical knowledge is not required; the focus is on legal, organizational, and strategic issues at the management level.

Open Badges - Show what you can do digitally too.

Open Badges are recognized, digital certificates of participation. These verifiable credentials are the current standard for integration in career networks such as LinkedIn.

With them, you digitally demonstrate the competences you possess. After successful completion, you will receive an Open Badge from us.

On-site training together (in-person training)
  • Booking number: 41115
  • € 920,- plus VAT
  • 1 day, in Frankfurt a. M. on 19.03.2026
  • German

Joint online training (live online events)
  • Booking number: 41117
  • € 920,- plus VAT
  • 1 day, online, 2 events
  • German

Train several employees internally
  • Pricing upon request
  • Customized training courses according to your needs
  • Directly at your premises or online
  • Cost advantage from 5 participants
  • We contact you within 24 hours (Mon-Fri)
  • 1 day, in-person or online

Ratings and feedback from our participants

4.7 (3 ratings)
  • Training content: 5
  • Content comprehensibility: 4.6
  • Practical relevance: 4.6
  • Trainer expertise: 5
  • Participant orientation: 4.6
  • Method variety: 5

Start dates and details

15.01.2026, Live-Online
  • Booking number: 41117
  • € 920,- plus VAT (€ 1,094.80 incl. VAT)
  • Course: zoom
  • Technical notes: We use various software to conduct our online events.
  • Days & Times: 1 day, Thursday, 15.01.2026, 09:00 am - 4:00 pm

19.03.2026, Frankfurt a. M.
  • Booking number: 41115
  • € 920,- plus VAT (€ 1,094.80 incl. VAT)
  • Venue: Novotel Frankfurt City, Lise-Meitner-Straße 2, 60486 Frankfurt a. M.
  • Room rate: € 106,81 plus VAT.
  • Arrival via Deutsche Bahn: Travel at reduced rates by booking via the learning environment.
  • Days & Times: 1 day, Thursday, 19.03.2026, 09:00 am - 4:00 pm

The participation fee includes
  • one joint lunch per full seminar day,
  • catering during breaks and
  • extensive working documents.
Participants will be charged directly by the hotel for their hotel accommodation. You will find a reservation form for hotel bookings in your learning environment.

07.07.2026, Live-Online
  • Booking number: 41117
  • € 920,- plus VAT (€ 1,094.80 incl. VAT)
  • Course: zoom
  • Technical notes: We use various software to conduct our online events.
  • Days & Times: 1 day, Tuesday, 07.07.2026, 09:00 am - 4:00 pm

Also bookable as in-house training
in-house training for several employees
optimally customized to your own needs
directly on site or online - save time and travel costs
Please note: We use third-party tools for selected events. Personal data of the participant will be passed on to them for the implementation of the training offer. You can find more information in our privacy policy.

About us - The Haufe Akademie

Your optimizer, innovator and companion since 1978 -
Your professional partner for professional development and seminars, training courses and topical conferences.

Whether on site, live online or in-house - our customised solutions, our claim to the highest level of consulting expertise and training tailored to your needs simplify the acquisition of skills for the working world of the future and sustainably facilitate professional development.

A wide range of seminars, individual coaching and our flexible formats support HR managers and decision-makers in shaping the future and developing employees, in-house teams and companies.

Experience the benefits of online training from the comfort of your own home. Our online formats meet the highest quality standards and are in no way inferior to face-to-face events in terms of practical relevance. Learn together live online in interactive groups or digitally at a time of your choice.

3,500+ further training
620,000+ apprentices per year
Over 95% positive reviews
2,600+ trainers and coaches
18,000+ training courses held per year
Call us or send an email

Do you have any questions?

We are there for you Monday to Friday 8:00 a.m. - 5:00 p.m.

Stephanie Göpfert

Head of Customer Service
