Board Training NIS2
Level 1


Cyber Guru NIS2

The EU NIS2 Directive course addresses cyber risk, a systemic problem that threatens the stability of digital infrastructures. It aims to provide knowledge and management skills to mitigate risks, with focus on regulation, risk management, attack prevention, and the impacts of emerging technologies such as Cloud and AI. The course is aimed at enterprises in the NIS2 perimeter and the supply chain of large industrial groups.

SECTION I

REGULATORY FRAMEWORK

6 Lessons

SECTION II

CYBER RISKS

5 Lessons

SECTION III

CYBER ATTACKS

4 Lessons

SECTION IV

CYBER CASES

4 Lessons

SECTION I – REGULATORY FRAMEWORK

LESSON 1 – THE REGULATORY ENVIRONMENT
This lecture explores the evolution of the cybersecurity regulatory framework from 2010 to the recent NIS2 Directive. It analyzes the key stages of regulation in Italy and highlights the shift from protecting critical infrastructure to safeguarding the entire European production system, illustrating the main differences between NIS and NIS2 and the new obligations for critical market players.

SECTION I – REGULATORY FRAMEWORK

LESSON 2 – THE NIS2 DIRECTIVE (PART I)
This lecture analyzes the contents of the NIS2 Directive, which introduces new obligations for companies and public bodies, while also defining the reasons why the EU intervened to overcome some of the limitations of the previous NIS Directive, often related to the extreme discretion that was left to member states. A summary overview of regulated entities is also provided, distinguishing between essential and important entities.

SECTION I – REGULATORY FRAMEWORK

LESSON 3 – THE NIS2 DIRECTIVE (PART II)
This lecture introduces the topic of the responsibility of management bodies. With its measures for risk management, incident reporting and supervision, the legislation in fact shows how corporate management bodies assume a key role in cybersecurity. The lecture also deals with the specific security measures for cyber risk management, referring in particular to risk policies, incident management, business continuity and supply chain security.

SECTION I – REGULATORY FRAMEWORK

LESSON 4 – THE NIS2 DIRECTIVE (PART III)
This lesson provides precise elements of the multi-hazard approach, which covers physical, human and technological hazards. Emphasis is then placed on how incidents are reported. Finally, special attention is paid to the penalty framework, which is particularly severe for both essential and important entities.

SECTION I – REGULATORY FRAMEWORK

LESSON 5 – TRANSPOSITION OF NIS2
This lesson is devoted to an in-depth study of the provisions of Legislative Decree 138/2024, as the legislation transposing the NIS2 Directive. The lesson analyzes the elements of specificity introduced by the Italian legislature, outlines the roles and responsibilities of those involved, and illustrates the consequences for non-compliance, including the administrative sanctions provided.

SECTION I – REGULATORY FRAMEWORK

LESSON 6 – THE NIS2 ORGANIZATIONAL MODEL
This lesson addresses the organizational changes to be implemented by entities in the NIS2 perimeter, identifies the new organizational and management measures, and clarifies the specific roles and responsibilities of all actors involved in the new model.

SECTION II – CYBER RISKS

LESSON 1 – THE CYBER RISK
Managing cyber risk, an integral part of business operations, requires assessing and mitigating risks from digital vulnerabilities intentionally exploited by malicious actors. Risk reduction is based on two dimensions: lowering the likelihood of an attack through prevention and awareness, and limiting the impact through resilient assets and technological best practices.

SECTION II – CYBER RISKS

LESSON 2 – CYBER RISK ANALYSIS
Risk analysis is critical to understanding threats, probabilities and impacts, and to defining countermeasures. Following standards such as ISO or NIST, it consists of six steps: establishing the context, identifying risks, analyzing them, setting priorities, preparing responses, and continuously monitoring. The main output is the Risk Register, which maps cyber and non-cyber risks and is essential for the multi-risk security strategies required by NIS2.

SECTION II – CYBER RISKS

LESSON 3 – MEASURING RISK
Risk assessment involves analyzing the probability and impact of an adverse event to make informed decisions. Analyses can be qualitative, simpler but subjective, or quantitative, more complex but precise and useful for justifying investments in mitigation. Measuring risk helps choose the best treatment strategies, reducing uncertainty and overcoming biases related to personal perception.

SECTION II – CYBER RISKS

LESSON 4 – SECURITY CONTROLS
Security incident management relies on the analysis of logs generated by digital infrastructure to identify and prevent critical situations. The Security Operations Center (SOC) processes alerts through a structured operational flow consisting of three phases: preliminary analysis, detailed analysis, and definition of containment and remediation actions. The use of Artificial Intelligence (AI) helps reduce false positives, improving operational efficiency.

SECTION II – CYBER RISKS

LESSON 5 – THE DAMAGE
Impact represents the damage caused by an adverse event, which can be classified into direct, liability, indirect, and consequential. In cyber risk, damages are divided into own (business interruption, systems restoration, incident management) and third-party (litigation, data breaches). While tangible damages are more easily estimated, intangible damages require complex assessments.

SECTION III – CYBER ATTACKS

LESSON 1 – THE DYNAMICS OF AN ATTACK
The dynamics of cyber risk follow a pattern in which a threat exploits a vector and technique to target a vulnerability, generating harm. Understanding threats, vectors, and techniques is crucial: threats range from individuals to complex organizations; vectors include email, malicious apps, or botnets; techniques range from phishing to malware. Email is the most common vector, while botnets, composed of compromised devices, are used for attacks such as DDoS.

SECTION III – CYBER ATTACKS

LESSON 2 – THE MAIN TECHNIQUES OF ATTACK
Cyber attack techniques include malware, vulnerability exploitation, and Distributed Denial of Service (DDoS) attacks. Malware, including zero-day malware, exploits previously unknown vulnerabilities, while vulnerabilities exposed on the Internet allow data to be stolen and privileged access to be gained, often in combination with social engineering. DDoS overloads infrastructure or applications, rendering them unavailable.

SECTION III – CYBER ATTACKS

LESSON 3 – VULNERABILITIES
Vulnerabilities pose a risk only if they are not mitigated by technical or procedural controls. Their life cycle goes through four phases: discovery, disclosure, identification of a countermeasure, and its application, with the first two being particularly critical. Effective vulnerability management requires an industrialized process based on constant updates, comprehensive asset inventories, and a prioritized remediation strategy.

SECTION III – CYBER ATTACKS

LESSON 4 – SECURITY INCIDENTS
Security incident management is based on the analysis of logs produced by digital infrastructures, which are used to identify and prevent critical situations. The Security Operations Center (SOC) processes alerts through a three-step operational flow: preliminary analysis, detailed analysis, and definition of containment and remediation actions. The use of Artificial Intelligence reduces false positives, improving efficiency.

SECTION IV – CYBER CASES

LESSON 1 – CEO SCAM
A cyber criminal compromises or spoofs the email account of the CEO or another Board member and sends an urgent email to the CFO or a financial executive, ordering a transfer of millions to a foreign account.

SECTION IV – CYBER CASES

LESSON 2 – RANSOMWARE ATTACK WITH BLACKMAIL
A leading energy company suffers a ransomware attack that locks down IT systems and cripples operations. Criminals threaten to publish sensitive Board data if the ransom is not paid.

SECTION IV – CYBER CASES

LESSON 3 – SUPPLY CHAIN ATTACK
A cloud service provider used by the company suffers an attack. The attackers use the provider's credentials to access confidential data of the Board and of strategic clients.

SECTION IV – CYBER CASES

LESSON 4 – DATA BREACH
A targeted attack steals financial and personal data of Board members. The press learns about it and the company suffers reputational damage, in addition to risks for non-compliance with NIS2 and GDPR.
