NIST Essentials

Understanding the NIST Framework
You’ll learn the basics of the US NIST Cybersecurity Framework: how to link it to real risks, set priorities that fit your context, and define concrete actions and responsibilities. You'll walk away with structure, direction, and the confidence to get started.

Is NIST relevant for you?
It probably is!
Aligning with the NIST Framework is only mandatory for US government agencies, but it’s quickly becoming the norm. Discover how NIST helps your organization reduce risk, meet customer and partner expectations, and build trust across your supply chain.

What measures should you take? Part 1
You’ll explore four cyber risk areas in detail: risk assessment, incident response, resilience, and supply chain security. You’ll learn what each area involves, what’s expected from your team, and how to take practical steps that make a difference.

What measures should you take? Part 2
Discover how to embed cyber security in your procurement and development processes, especially around software. This session also explores the role of employee training and how to create a culture where good cyber hygiene becomes second nature.

What measures should you take? Part 3
The more connected your systems, the more important it becomes to know who has access—and to what. This session introduces key access and identity management principles: controlling access rights, verifying user identities, and keeping track of your most critical assets.

How to analyze incidents and communicate clearly
Reacting quickly to an incident is essential—but reacting in the right way is just as important. You’ll learn how to investigate incidents thoroughly, communicate with internal and external stakeholders, and use clear documentation to contain damage and support long-term resilience.

Governance, roles & responsibilities
Cyber security needs clear leadership. In this session, we focus on the people side of the framework: how to define roles and ensure that security decisions are supported at the right level. Strong governance is what turns strategy into action.

Oversight, showing compliance & business impact
What does 'being in control' actually look like? This final session covers what it takes to demonstrate compliance—through internal audits, documentation, and board-level oversight. You’ll learn how to link cyber security efforts to business impact and show that your organization is not just secure, but accountable too.
NIST Implementation (coming soon)
From understanding to applying the framework
This level is designed for those responsible for putting the NIST Framework into practice. You’ll learn how to assess your current posture, define a target profile, and translate the framework into concrete steps tailored to your organisation’s size, sector and risk profile. We’ll also introduce the concept of Implementation Tiers—helping you decide how structured your approach should be, and how to align it with business needs. By the end, you’ll understand how to prioritise next steps, communicate progress with stakeholders, and shape a NIST-based approach that’s realistic, scalable and built to last.
NIS2 Essential training for all management levels

Introduction to the NIS2 directive
Understand the scope and objectives of the NIS2 directive and explore its implications for managers. Compliance is no longer solely an IT concern; it's also your responsibility.

Which organizations are affected?
Understanding NIS2’s reach
Discover which organizations fall under the NIS2 directive by exploring key terms and classifications, so you can clearly understand the directive’s impact and what you’re up against.

What measures should you take?
Part 1 (Art. 21)
Understand the fundamental cybersecurity measures required by NIS2 and how to implement them. This module covers risk analysis, incident handling, business continuity, and supply chain security.

What measures should you take?
Part 2 (Art. 21)
Explore advanced cybersecurity measures such as secure system development, effectiveness assessments, cyber hygiene practices and cybersecurity training, cryptography, and encryption.

What measures should you take?
Part 3 (Art. 21)
Complete your cybersecurity strategy with HR management, access control, asset tracking, authentication, secure communications, and emergency communication systems.

How to report?
Your obligations explained (Art. 23)
This module focuses on how reporting cyber incidents and sharing information can help organizations and sectors collaborate to minimize the impact of cyber threats across the EU.

Governance, roles, and responsibilities (Art. 31 to 37)
Learn how NIS2 holds top management accountable for cybersecurity. This module outlines the roles of the board of directors, executive management, CISO, and ISM in establishing and maintaining a robust cybersecurity framework.

Supervision, enforcement, and penalties
Understand the serious repercussions of non-compliance with NIS2. This final module explains the responsibilities of national authorities and the financial and operational penalties organizations may face for failing to meet NIS2 standards.
NIS2 Implementation training

Stakeholder management
Implementing NIS2 starts with securing buy-in from key stakeholders. Discover strategies and tools to help you identify, engage, and gain support from crucial individuals throughout your compliance journey.

Asset inventory and risk analysis
Understand which assets need protection by identifying and assessing critical organizational resources. Learn how to address vulnerabilities and manage potential threats.

Security policy development
Explore the different types of security policies, identify those relevant to your organization, and learn how to create them to build a strong security foundation.

Strengthening the supply chain
Conduct risk assessments and apply best practices to manage relationships with vendors and third parties, ensuring your supply chain is secure.

Incident management
Build robust incident management processes. Learn how to create an effective response plan and ensure your technical environment is ready to handle real-world incidents.

Cybersecurity training
Discover how to design training programs that equip your staff with the skills and knowledge needed to identify, prevent, and respond to cyber threats.

Core security controls
Gain a clear understanding of the essential security controls required for NIS2 compliance, including access control, secure network services, and business continuity planning.

Evaluating and enhancing security effectiveness
Understand the scope and objectives of the NIS2 directive and explore its implications for managers. Compliance is no longer solely an IT concern; it's also your responsibility.
GDPR Training for admins

What is GDPR? When and where does it apply?
Understand the basics of GDPR, its importance, and its impact on data subjects.

The 6 principles of GDPR
Understand the core principles of GDPR that guide data processing.

The rights of data subjects
Learn about the rights individuals have under the GDPR and how to respect them.

Dealing with data subject requests
Understand the difference between data controllers and data processors and learn who’s responsible for answering questions from data subjects.

The role of a Data Protection Officer
Learn what a Data Protection Officer does and whether your organization is required to appoint one.

What to do in case of a data breach?
This module focuses on how reporting cyber incidents and sharing information can help organizations and sectors collaborate to minimize the impact of cyber threats across the EU.

International data transfers
Learn the rules for transferring personal data outside the EU.
GDPR Training for users

What is GDPR? When and where does it apply?
Understand the basics of GDPR, its importance, and its impact on your privacy.

The 6 Principles of GDPR
Understand the core principles behind the GDPR.

The Rights of Data Subjects
Learn about your rights under the GDPR.

Exercising your Rights
Understand the difference between data controllers and data processors and learn who’s responsible for answering your information requests.
Repeated offender training

Learn the phishing basics
Refresh your knowledge of phishing and why it’s a threat. This module covers the common tactics used by cybercriminals and provides essential knowledge to help you identify potential phishing attempts.

Spot the phishing messages
Dive deeper into identifying phishing attempts by analyzing real-world examples. Learn to recognize red flags in emails, text messages, and other forms of communication to protect yourself from falling victim to these scams.

Take the phishing quiz
Test your knowledge and sharpen your skills. Practice spotting phishing attempts in simulated scenarios and reinforce what you’ve learned in the previous modules.
PII in the USA: Your guide to safeguarding Personally Identifiable Information

Introduction to Personally Identifiable Information (PII)
Get to know the rules and regulations that define how your company should handle personal data.

Fair Information Practices (FIPs)
Understand the eight principles of FIPs and how to apply them in real-world situations.

Understanding Privacy Impact Assessments (PIAs)
In this session, you’ll learn what PIAs are, when they’re needed, and how conducting one can help your organization stay compliant and build trust.

The California Consumer Privacy Act (CCPA)
Explore the CCPA and why it concerns you, even if you’re not in California.

Balancing KYC protocols and PII privacy
Businesses need to verify customer identities, but how can you do this while respecting their privacy rights? Discover how to comply with KYC rules while ensuring responsible data handling.
HIPAA Compliance Awareness Training

Overview and core principles
Discover what HIPAA is, who must follow it, and how to apply three pillars to protect patient data.

Patient privacy & confidentiality
PHI is the primary focus of HIPAA protection, and this session will help you define it, understand its importance, recognize the risks of mishandling it, and apply best practices.

Physical & digital security measures
Learn how to implement physical security measures and apply digital security best practices to prevent breaches and protect sensitive information.

HIPAA violations & consequences
In this session, you’ll examine the reality of HIPAA violations—when PHI is accessed, disclosed, or mishandled contrary to HIPAA rules.
BDSG

What is the BDSG and when does it apply?
Learn how Germany’s BDSG complements the GDPR, when it applies, and to whom. Understand where European and German law intersect — and what that means in practice for your organisation.

The 6 fundamental and when does it apply?
The six principles of the GDPR also apply in Germany — but the BDSG makes them stricter in certain areas. With practical examples, you’ll learn exactly what Germany expects beyond the European standard.

Data protection rights under the BDSG
GDPR rights are familiar. The BDSG goes further, with additional rules for employees and public authorities. This module shows you where Germany raises the bar.

Organising data protection: from the DPO to data requests
The BDSG adds additional rules on appointing a Data Protection Officer, keeping records, and handling requests. Learn how to make compliance systematic rather than ad hoc.

Data protection in the workplace
Employee privacy is at the heart of the BDSG. After this module, you’ll know exactly what is allowed — and what isn’t — in everyday HR and workplace practice.
TISAX (coming soon)

Winning trust in the automotive world
Learn what TISAX is, how it builds on ISO 27001, and why major automotive manufacturers require it. Discover how a label works — and how it creates new business opportunities.

Step by step towards a successful TISAX audit
Prepare step by step for audit readiness: define your scope, understand maturity levels, complete the VDA ISA, and choose the right provider. Save time and avoid costly mistakes.

The audit process explained
See what happens during a TISAX audit — from kick-off to evidence checks and final assessment. Understand what auditors look for and how to maximize your chances of success.
DORA (coming soon)

Strengthen your digital resilience under DORA
The Digital Operational Resilience Act (DORA) introduces binding cyber security requirements for financial entities and their ICT providers across the EU. It’s designed to ensure that critical players in the financial system can withstand, respond to and recover from digital disruptions. In this level, you’ll learn who DORA applies to, what’s expected under the regulation, and how to manage ICT risks more systematically. We’ll cover the key areas: risk management, continuous monitoring, incident response, testing, and third-party oversight.
PCI DSS (coming soon)

Protecting payment data is everyone’s business
If your organization processes, stores or transmits payment card data, the Payment Card Industry Data Security Standard (PCI DSS) applies. The standard sets out clear rules to protect cardholder information and reduce the risk of fraud. In this level, you’ll learn when PCI DSS applies, what kind of data must be protected, and which technical and organizational controls are required. We’ll explore how to reduce risks, meet compliance expectations, and keep both customer data and your business secure.