NIS 2 Directive Training for the Board of Directors

<!DOCTYPE html> <html lang="en"> <head>  <script async src="https://www.googletagmanager.com/gtag/js?id=G-5T1LRSG9C9"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-5T1LRSG9C9'); </script> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1">  <title>NIS 2 Directive Training for the Board of Directors</title> <meta name="description" content="NIS 2 Directive, tailored-made training programs for the Board of Directors. Stay ahead of compliance challenges with specialized insights and training from Cyber Risk GmbH."> <meta name="keywords" content="NIS 2 Directive Board of Directors, NIS 2 Training Board of Directors, NIS 2 Directive training Board of Directors, NIS 2 compliance Board of Directors, Cyber Risk GmbH"> <link rel="apple-touch-icon" sizes="180x180" href="apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="favicon-16x16.png"> <link rel="shortcut icon" type="image/x-icon" href="favicon.ico"> <link rel="manifest" href="manifest.json"> <meta name="msapplication-TileImage" content="mstile-150x150.png"> <meta name="theme-color" content="#ffffff">  <link href="css/bootstrap.min.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet">  <link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet"> <link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;500;600;700;800;900&display=swap" rel="stylesheet">  <link rel="stylesheet" href="css/owl.carousel.css"> <link rel="stylesheet" href="css/owl.theme.default.css">  <script src="js/jquery.min.js"></script> <script src="js/owl.carousel.js"></script>    <meta name="google-site-verification" content="I0CDxLn5hun_Esd7Gf8jIPUBQ1eIIcVNsUQQ9d4Dq8Q"> <style> .wrapper-banner { background: url("NIS_2_Training_Board.jpg"); background-size: cover; background-position: center; } </style> <meta name="msvalidate.01" content="3992470AA0B488CE9CF07B1CD73A76D7"> <link rel="stylesheet" href="./style2.css"> <style> body { color: black; } </style> <style> a:link { color: blue; background-color: transparent; text-decoration: none; } a:visited { color: blue; background-color: transparent; text-decoration: none; } a:hover { color: red; background-color: transparent; text-decoration: underline; } a:active { color: blue; background-color: transparent; text-decoration: underline; } </style> </head> <body>  <div class="wrapper-menu"> <nav id="header" class="navbar navbar-fixed-top"> <div id="header-container" class="container navbar-container"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a id="brand" class="navbar-brand" href="https://www.disinformation.ch/">  </a> </div> <div id="navbar" class="collapse navbar-collapse"> <ul class="nav navbar-nav"> <li><a style = "color:#070579" href="https://www.nis-2-directive.com" target="_blank" >Index</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/NIS_2_Directive_Trained_Professional_(NIS2DTP).html" target="_blank" >NIS2DTP Training</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/NIS_2_Directive_Training.html" target="_blank" >NIS 2 Directive Training</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/NIS_2_Directive_Board_of_Directors_Training.html" target="_blank" >NIS 2 Board Training</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/NIS_2_Directive_Articles.html" target="_blank" >Articles NIS 2 Directive</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/NIS_2_Directive_Articles_(Proposal_16.12.2020).html" target="_blank" >Articles NIS 2 Directive (Proposal)</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/Links.html" target="_blank" >NIS 2 Directive Links</a></li> <li><a style = "color:#070579" href="https://www.nis-2-directive.com/NIS_2_Directive_Transposition.html" target="_blank" >NIS 2 Transposition</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com" target="_blank">Cyber Risk GmbH</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Impressum.html" target="_blank">Impressum</a></li> </ul> </div>  </div>  </nav>  </div> <div class="container-fluid wrapper-banner"> <div class="container"> <div class="top-banner"> </div> </div> </div> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> <h1>NIS 2 Directive Training for the Board</h1> <br> <p class="text-left"><b>Overview</b> <p class="text-left"> According to <b>Article 20 </b>of the NIS 2 Directive, "Member States shall ensure that the <b>members of the management bodies </b>of essential and important entities are required to follow training, and shall encourage essential and important entities to offer similar training to their employees on a regular basis, in order that they gain sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk-management practices and their impact on the services provided by the entity".</p> <p class="text-left"> According to <b>Article 21 </b>of the NIS 2 Directive:</p> <p class="text-left"> "1. Member States shall ensure that essential and important entities take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimise the impact of incidents on recipients of their services and on other services."</p> <p class="text-left"> "Taking into account the state-of-the-art and, where applicable, relevant European and international standards, as well as the cost of implementation, the measures referred to in the first subparagraph shall ensure a level of security of network and information systems appropriate to the risks posed. When assessing the proportionality of those measures, due account shall be taken of the degree of the entity’s exposure to risks, the entity’s size and the likelihood of occurrence of incidents and their severity, including their societal and economic impact."</p> <p class="text-left"> "2. The measures referred to in paragraph 1 shall be based on an <b>all-hazards approach </b>that aims to protect network and information systems and the physical environment of those systems from incidents, and shall include at least the following:"</p> <p class="text-left"> "(a) policies on risk analysis and information system security; <br> (b) incident handling; <br> (c) business continuity, such as backup management and disaster recovery, and crisis management; (d) supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers; <br> (e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure; <br> (f) policies and procedures to assess the effectiveness of cybersecurity risk-management measures; <br> (g) basic cyber hygiene practices and cybersecurity training; <br> (h) policies and procedures regarding the use of cryptography and, where appropriate, encryption; <br> (i) human resources security, access control policies and asset management; <br> (j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate."</p> <p class="text-left">It is a clear requirement from the NIS 2 Directive that the Board of Directors and the CEO must have <b>the knowledge and skills necessary to assess cybersecurity risks, challenge security plans, discuss activities, formulate opinions, and evaluate policies and solutions </b>that protect the assets of their organization. The failure to maintain adequate risk oversight can expose companies, officers, and directors to liability. </p> <p class="text-left"> Directors owe fiduciary duties to their shareholders and have a significant role in overseeing the risk management of the company. The failure to exercise appropriate oversight in the face of known risks constitutes a breach of the duty of loyalty. A decision about cybersecurity that was “ill-advised or negligent” constitutes a breach of the duty of care. </p> <p class="text-left"> The Board and the CEO must also assess <b>whether and how to disclose a cyberattack internally and externally </b>to customers and investors. After a successful cyberattack, companies and organizations must <b>provide evidence </b>that they have an adequate and tested cybersecurity program in place that meets international standards, and that they are prepared to respond to a security breach properly and quickly.</p> <br> <hr> <p class="text-left"><b>Our Briefings for the Board:</b> <p class="text-left">We offer <b>custom </b>briefings for the Board of Directors and executive management, tailored to the specific needs of each legal entity. Our briefings can be short and comprehensive (60 minutes), or longer, depending on the needs, the content of the program and the case studies. </p> <p class="text-left">Alternatively, you may choose one of our <b>existing </b>briefings:</p> <br> <p class="text-left"><b>1. The NIS 2 Directive for the Board of Directors and executive management of EU legal entities.</b></p> <p class="text-left"><b>2. The NIS 2 Directive for the Board of Directors and executive management of non-EU legal entities.</b></p> <p class="text-left"> You can find all information below.</p> <br> <p class="text-left"><b>Delivery format of the training program</b></p> <p class="text-left"><b>a. In-House Instructor-Led Training. </b> This format is specifically designed and customized for individuals within a particular company or organization, including board members, executive management, risk managers, and employees. An instructor from Cyber Risk GmbH, approved by the client, will travel to the client’s chosen location to deliver the training. The content and delivery are tailored to meet the specific needs of the client, as outlined in the contract.</p> <p class="text-left"><b>b. Online Live Training. </b>This real-time, synchronous training takes place in a live virtual meeting room via platforms such as Zoom, Webex, or Microsoft Teams. Instructors from Cyber Risk GmbH, approved by the client, customize the delivery method (e.g., interactive or non-interactive) to suit the client’s needs. The instructor leads the session and addresses questions based on the client’s specific requirements and the terms of the contract.</p> <p class="text-left"><b>c. Video-Recorded Training. </b> This professional, pre-recorded training format is tailored to the client’s needs and contract specifications. Instructors from Cyber Risk GmbH, approved by the client, record the content in a professional studio. The pre-recorded material, including future updates, is licensed to the client for internal training purposes. Clients can integrate the videos into their internal learning management systems. Available programs include Orientation Video Training and Compliance Video Training. </p> <br> <hr> <p class="text-left"><b>1. The NIS 2 Directive for the Board of Directors and executive management of EU legal entities.</b></p> <p class="text-left">Designed specifically for Boards of Directors and executive management, the course provides an in-depth understanding of the NIS 2 Directive, its objectives, and its implications for corporate governance and risk management.</p> <p class="text-left">The training will highlight <b>synergies </b>between NIS 2 and other relevant EU regulations, allowing organizations to design a comprehensive project that achieves compliance across multiple regulatory frameworks.</p> <br> <p class="text-left"> <b> Course Synopsis </b></p> <p class="text-left"> <b>Understand the NIS 2 Directive.</b><br> - Detailed analysis of the directive’s objectives, scope, and key provisions.<br> - Key distinctions between NIS 2 and its predecessor, NIS, and how these changes affect organizations.<br> - Regulatory requirements for essential and important entities, including mandatory risk management and reporting obligations.</p> <p class="text-left"> <b>Governance, Accountability, and Corporate Strategy.</b><br> - Best practices for integrating cybersecurity into corporate governance and the Board’s agenda.<br> - Defining roles and creating clear lines of accountability across the organization.<br> - Aligning cybersecurity strategies with overall corporate goals to ensure resilience and business continuity.</p> <p class="text-left"> <b>Roles and Responsibilities of the Board.</b><br> - Overview of the Board’s responsibility in overseeing and ensuring the implementation of cybersecurity measures.<br> - Understanding the executive management’s accountability under NIS 2, including strategic oversight and reporting responsibilities.<br> - Potential penalties for non-compliance, including reputational and financial risks.</p> <p class="text-left"> <b>Asking the Right Questions.</b><br> - Ask the proper questions to ensure effective oversight.<br> Examples:<br> - What cybersecurity measures are in place, and how are they aligned with NIS 2?<br> - How are we prepared to handle a cyber incident, and what is our reporting protocol?<br> - What cross-border and sector-specific risks do we face, and how are we addressing them?</p> <p class="text-left"> <b>Cybersecurity Risk Management and Incident Response.</b><br> - Explore frameworks for establishing an effective cybersecurity risk management strategy.<br> - Understand the process for reporting incidents, including how to handle cross-border cyber threats.<br> - Learn about preventive measures, mitigation strategies, and incident detection in compliance with NIS 2.</p> <p class="text-left"> <b>Synergies with Other EU Regulations.</b><br> - Explore synergies between the NIS 2 Directive and other EU regulations.<br> - How NIS 2 integrates with broader regulatory frameworks to promote a harmonized and cohesive approach to cybersecurity.</p> <p class="text-left"> <b> Which are these EU Directives and Regulations that have common elements with NIS 2 and may apply to us? </b> <br> - The Digital Operational Resilience Act (DORA). <br> - The Artificial Intelligence Act. <br> - The Critical Entities Resilience Directive (CER). <br> - The European Data Act. <br> - The European Data Governance Act (DGA). <br> - The European Cyber Resilience Act (CRA). <br> - The Digital Services Act (DSA). <br> - The Digital Markets Act (DMA). <br> - The EU Cyber Solidarity Act. <br> - The European ePrivacy Regulation. <br> - The European Digital Identity Regulation. <br> - The Corporate Sustainability Due Diligence Directive (CSDDD). </p> <p class="text-left"> <b>Sectoral Impact and Cooperation.</b><br> - Sector-specific obligations under NIS 2, including energy, transport, healthcare, and financial services.<br> - Cross-border cooperation for handling cybersecurity incidents.<br> - Fostering collaboration between different sectors and national cybersecurity bodies across EU Member States.</p> <br> <p class="text-left"><b>Instructor.</b></p> <p class="text-left">Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program. </p> <br> <p class="text-left"><b>Terms and conditions.</b></p> <p class="text-left"> You may visit: <a href="https://www.cyber-risk-gmbh.com/Terms.html" target="_blank">https://www.cyber-risk-gmbh.com/Terms.html</a> </p> <br> <hr> <p class="text-left"><b>2. The NIS 2 Directive for the Board of Directors and executive management of non-EU legal entities.</b></p> <p class="text-left"> The terms <b>‘extraterritoriality’ </b>and <b>‘extraterritorial jurisdiction’</b> refer to the competence of a country to extend its legal powers beyond its territorial boundaries, and to make, apply and enforce rules of conduct in respect of persons, property or events beyond its territory. </p> <p class="text-left"> The Sarbanes-Oxley Act of 2002, for example, applies to foreign auditors and foreign companies whose securities are listed in a US stock exchange.</p> <p class="text-left"> <b>Extraterritorial application of EU law </b>is the application of EU provisions outside the territory of the EU, resulting from EU unilateral legislative and regulatory action. </p> <p class="text-left"> For example, according to EU’s General Data Protection Regulation (GDPR), non-EU data controllers and processors in any country, must comply with the GDPR obligations, if they offer goods or services to individuals in the EU. </p> <p class="text-left"> Anu Bradford, Professor of Law in Columbia Law School, is the author of the book “The Brussels Effect: How the European Union Rules the World” (2020), that was named one of the best books of 2020 by Foreign Affairs.</p> <p class="text-left"> In 2012, she introduced the concept of the <b>‘Brussels Effect’,</b> that describes Europe’s unilateral power to regulate global markets. </p> <p class="text-left"> Anu Bradford explains why most global corporations choose to adopt the European laws, regulations and standards in the design and operation of their products and services.</p> <p class="text-left"> The EU standards are generally stricter, and in most cases, when you comply with EU rules, you comply with laws and regulations around the world.</p> <p class="text-left"> Even when this approach is more costly, global corporations prefer to have an enterprise-wide, single mode of production and operations, and to market their goods and services globally.</p> <p class="text-left"> Following the doctrine "you comply with EU rules, you comply around the world", global corporations and service providers need professionals that understand the EU laws, regulations, standards and guidelines. </p> <p class="text-left"> When the European Commission determines that the regulatory or supervisory regime of a non-EU country is <b>equivalent </b>to the corresponding EU framework:</p> <p class="text-left"> - allows authorities in the EU to rely on supervised entities' compliance with equivalent rules in a non-EU country,</p> <p class="text-left"> - reduces or eliminates overlaps in compliance requirements for both EU and non-EU entities,</p> <p class="text-left"> - makes services and products of non-EU companies accepted in the EU,</p> <p class="text-left"> - allows third-country firms to provide services without establishment in the EU single-market.</p> <p class="text-left"> We will discuss what happens when the European Commission determines that the regulatory or supervisory regime of a non-EU country is <b>not equivalent </b>to the corresponding EU framework, or when the European Commission has not yet determined if the regulatory or supervisory regime of a non-EU country is equivalent.</p> <p class="text-left"> We can understand better <b>equivalence decisions </b>from the experience we have with the Accounting Directive, the Audit Directive, the Capital Requirements Regulation (CRR), the Credit Rating Agencies Regulation, the European Market Infrastructure Regulation (EMIR), the Market Abuse Regulation (MAR), the Markets in Financial Instruments Directive (MiFID II), the Markets in Financial Instruments Regulation (MiFIR), the Prospectus Directive, the Solvency II Directive and the Transparency Directive.</p> <br> <p class="text-left"> <b> Course Synopsis </b></p> <p class="text-left"> <b> Introduction</b><br> - What is extraterritoriality?<br> - Extraterritorial application of EU law.<br> - Risk and compliance management challenges for firms established in non-EU countries.<br> - Are you sure we must comply with the NIS 2 Directive? Where can we find this information?<br> - Are we an essential or important entity in the EU? We are not established in the EU, and we are regulated in our country.</p> <p class="text-left"> <b>The NIS 2 Directive and Its Extraterritorial Impact.</b><br> - Breakdown of the NIS 2 Directive’s objectives, scope, and provisions.<br> - Analysis of the directive’s extraterritorial application to non-EU entities that offer services to the EU or engage in cross-border activities.<br> - Key compliance obligations and risk management requirements for non-EU organizations.</p> <p class="text-left"> <b>Assessing the Risk Exposure of Non-EU Entities.</b><br> - Identifying sectors and services that fall within the scope of NIS 2.<br> - Assessing whether your organization qualifies as an "important" or "essential" entity under the directive.<br> - How to evaluate your organization's exposure to NIS 2 obligations based on business operations in the EU.</p> <p class="text-left"> <b>Roles and Responsibilities of the Board and Executive Management.</b><br> - Clarifying the roles of the Board and executive management in overseeing compliance with NIS 2.<br> - Understanding the accountability and governance obligations of non-EU entities subject to the directive.<br> - Potential legal, financial, and reputational risks associated with non-compliance.</p> <p class="text-left"> <b>Cybersecurity Risk Management for Cross-Border Entities.</b><br> - Strategies for implementing effective risk management frameworks in alignment with NIS 2 requirements.<br> - Cross-border incident management and reporting obligations, particularly in relation to EU cybersecurity authorities and regulators.<br> - Enhancing resilience in international operations by adopting EU-compliant cybersecurity practices.</p> <p class="text-left"> <b>Cross-Border Cooperation and Reporting.</b><br> - Guidance on working with EU regulators, national cybersecurity bodies, and stakeholders in managing incidents.<br> - Navigating the complexities of cross-border cooperation and information-sharing.<br> - Understanding the legal framework for reporting cyber incidents to EU authorities and how it applies to non-EU entities. </p> <br> <p class="text-left"><b>Instructor.</b></p> <p class="text-left">Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program. </p> <br> <p class="text-left"><b>Terms and conditions.</b></p> <p class="text-left"> You may visit: <a href="https://www.cyber-risk-gmbh.com/Terms.html" target="_blank">https://www.cyber-risk-gmbh.com/Terms.html</a> </p> <br> <hr> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> <h3>Cyber Risk GmbH, some of our clients</h3> <br> <div class="logos"> <div class="logos-slide"> <img src="Logos/XMA8.png" alt="" > <img src="Logos/SYGNIA5.jpg" alt="" > <img src="Logos/DELL3.jpg" alt="" > <img src="Logos/VW.jpg" alt="" > <img src="Logos/Bosch9.png" alt="" > <img src="Logos/Swisslife3.JPG" alt="" > <img src="Logos/ATLAS8.png" alt="" > <img src="Logos/INSIG8.png" alt="" > <img src="Logos/SANT8.png" alt="" > <img src="Logos/NTT38.png" alt="" > <img src="Logos/EIB15.PNG" alt="" > <img src="Logos/SC8.JPG" alt="" > <img src="Logos/schindler.jpg" alt="" > <img src="Logos/AO9.png" alt="" > <img src="Logos/GS300.JPG" alt="" > <img src="Logos/DB8.png" alt="" > <img src="Logos/TM8.png" alt="" > <img src="Logos/OK8.png" alt="" > <img src="Logos/PWC5.JPG" alt="" > <img src="Logos/Fujitsu.png" alt="" > <img src="Logos/HO5.JPG" alt="" > <img src="Logos/FIN22.png" alt="" > <img src="Logos/SAN8.png" alt="" > <img src="Logos/BAH9.png" alt="" > <img src="Logos/AT32.png" alt="" > <img src="Logos/WINS25.png" alt="" > <img src="Logos/SKY12.png" alt="" > <img src="Logos/RB78.png" alt="" > <img src="Logos/WU8.png" alt="" > <img src="Logos/TDC.JPG" alt="" > <img src="Logos/BH18.png" alt="" > <img src="Logos/DeepSec_Conference7.png" alt="" > <img src="Logos/DC12.png" alt="" > <img src="Logos/BROAD8.png" alt="" > <img src="Logos/LEMON8.PNG" alt="" > <img src="Logos/SIK8.PNG" alt="" > <img src="Logos/KUMO8.PNG" alt="" > <img src="Logos/VEST8.PNG" alt="" > <img src="Logos/MOXA8.PNG" alt="" > <img src="Logos/TIET8.PNG" alt="" > <img src="Logos/UNI8.PNG" alt="" > <img src="Logos/BCC11.PNG" alt="" > <img src="Logos/SN8.PNG" alt="" > <img src="Logos/KYN8.PNG" alt="" > <img src="Logos/PG8.PNG" alt="" > <img src="Logos/MER8.PNG" alt="" > <img src="Logos/LIB8.PNG" alt="" > <img src="Logos/ALI8.PNG" alt="" > <img src="Logos/USA8.PNG" alt="" > <img src="Logos/MAR8.PNG" alt="" > <img src="Logos/ABB8.PNG" alt="" > <img src="Logos/INSI8.PNG" alt="" > </div> </div> <script> var copy = document.querySelector(".logos-slide").cloneNode(true); document.querySelector(".logos").appendChild(copy); </script> </div> </div> </div> </div> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> </div> </div> </div> </div>  <script src="js/bootstrap.js"></script> <script> $(document).ready(function() { var owl = $('.cliend-logo'); owl.owlCarousel({ margin: 20, nav: true, loop: true, autoplay:true, autoplayTimeout:4000, responsive: { 0: { items: 1 }, 600: { items: 6 }, 1000: { items: 6 } } }) }) $(document).ready(function() { var owl = $('.testimonialstext'); owl.owlCarousel({ margin: 20, nav: true, loop: true, autoplay:true, autoplayTimeout:4000, responsive: { 0: { items: 1 }, 600: { items: 1 }, 1000: { items: 1 } } }) }) </script> <script> $(window).scroll(function() { if ($(document).scrollTop() > 50) { $('nav').addClass('shrink'); $('.add').hide(); } else { $('nav').removeClass('shrink'); $('.add').show(); } }); </script> </body> </html>

CINXE.COM

NIS 2 Directive Training for the Board of Directors