The illustrations were created in cooperation between humans and artificial intelligence. They show a future in which technology is omnipresent, but people remain at the center.
AI-generated illustration
NIS-2 in practice: governance, implementation, and crisis management
Strategy, technology, and roadmap for effective NIS 2 compliance
Online
2 days
German
€ 1.290,-
plus VAT.
€ 1.535,10
incl. VAT.
Booking number
42685
Venue
Online
.svg)
5 dates
€ 1.290,-
plus VAT.
€ 1.535,10
incl. VAT.
Booking number
42685
Venue
Online
5 dates
plus VAT.
incl. VAT.
Booking number
Venue
0 Dates
Become a certified
Machine Learning Engineer
Machine Learning Engineer
This course is part of the certified Master Class "Machine Learning Engineer". If you book the entire Master Class, you save over 15 percent compared to booking this individual module.
To the Master Class
In-house training
In-house training just for your employees - exclusive and effective.
Inquiries
In cooperation with
In cooperation with
The NIS 2 Directive fundamentally changes the requirements for information security and governance. Companies must reevaluate their security organization, processes, and technical measures—while keeping an eye on liability risks for executives and management.
In this two-day intensive seminar, you will learn what NIS 2 specifically means for your company and how to implement the requirements in a structured manner. You will analyze your own maturity level, develop effective risk management in accordance with § 30 NIS2UmsuCG, and draw up a realistic implementation roadmap. In doing so, you will combine strategic governance issues with technical measures such as attack detection, zero trust, incident response, and supply chain security.
The training you training a clear basis for decision-making, practical checklists, and concrete implementation steps—so that you not only understand NIS-2, but also confidently anchor it in your company.
Contents
Day 1 – Strategy, Law, and Governance
1. Introduction and regulatory context
- Introduction to the NIS 2 Directive and the NIS2UmsuCG.
- Distinction from KRITIS and other regulations.
- Self-assessment of maturity level to determine current status.
- Importance of governance and liability requirements.
2. Scope and obligations (deep dive)
- Analysis of the criteria for impact (sectors, sizes, thresholds).
- Distinction between "essential" and "important" facilities.
- Key responsibilities: governance, risk management, reporting and documentation requirements.
- Management liability and sanctions.
3. Risk management and the 10 core measures (Section 30)
- Establishment of NIS 2-compliant risk management.
- Identification of critical services and processes.
- Asset management and risk analysis.
- Incident and business continuity management.
- Vulnerability management, backup strategies, supply chain security.
- Cryptography, access controls, and awareness.
4. Organization and governance
- Roles and responsibilities (management, CISO, NIS 2 coordination).
- Integration into existing ISMS and GRC structures.
- Dealing with audits and supervision.
- Requirements for management and governing bodies.
Day 2 – Implementation, technology, and practice
5. Technical and organizational measures
- State of the art: attack detection, SIEM, SOC, EDR/XDR.
- Monitoring, logging, and incident response.
- Zero trust principles and ransomware prevention.
- Cloud and OT security.
- Interfaces to existing security stacks.
6. Secure development and supply chain
- Threat modeling and secure architecture.
- DevSecOps and SDLC.
- Security requirements for service providers and cloud providers.
- Contract requirements, SLAs, and auditing.
- Vendor management checklists.
7. Reporting requirements and crisis management
- Reporting processes and deadlines according to NIS2/NIS2UmsuCG.
- Interfaces with the BSI and supervisory authorities.
- Establishment of internal escalation processes.
- Integration with BCM, incident management, and cyber insurance.
8. Gap analysis and implementation roadmap
- Analysis of one's own level of maturity.
- Definition of quick wins (0–3 months).
- Medium-term measures (3–12 months).
- Development of a target vision and management commitment.
Your benefit
- You understand the strategic, legal, and technical requirements of the NIS 2 Directive.
- You can assess whether and to what extent your organization is affected.
- You develop a structured risk management system in accordance with Section 30 NIS2UmsuCG.
- You will receive specific checklists and templates for governance, technology, and reporting processes.
- You leave the training a realistic, prioritized implementation roadmap.
trainer
No items found.
Methods
The training structured specialist input with practice-oriented workshops. You will work with templates for risk registers, gap analyses, and roadmaps. Scenario-based exercises and concrete case studies ensure immediate transfer of learning to your organization.
Final examination
Recommended for
This intensive seminar is aimed at:
- IT security and data protection officers
- Compliance and governance officers
- Management and decision-makers
- IT managers and project managers responsible for information security
- Organizations that are classified as NIS 2-relevant entities
.svg)
