NIS2 Board Training
The new NIS2 Directive and the accompanying NIS2 Implementing Act impose several explicit requirements on governing bodies. One key requirement is that members of governing bodies must undergo regular training, aligned with the organization's security policy, to "acquire sufficient knowledge and skills to identify risks and assess risk management practices in cybersecurity and their impact on the services provided by the entity."
In general, we observe that risk management practices in cybersecurity are often addressed in a fragmented way, with governing bodies remaining distant from them. Thus, the NIS2 training obligation for board members presents a unique opportunity to bridge the gap with cybersecurity specialists.
Training programs are fully customized in consultation with the client organization. While training must be repeated, each new session builds on the previous one rather than simply repeating it.
NIS2 Training covers the following topics in a highly practical way:
1. What is NIS2, and how is it being translated into Dutch law?
2. What are the NIS2 requirements for board members?
3. How can the board gain oversight of strategic and operational security matters?
4. What is the role of the management reviews required by NIS2?
5. What is the current state of security within the organization?
6. What are the key improvement activities for the board to meet its obligations?