SPECIALISED TRAINING


NIS2 Essential training for all management levels

Introduction to the NIS2 directive

Understand the scope and objectives of the NIS2 directive and explore its implications for managers. Compliance is no longer solely an IT concern; it's also your responsibility.

Which organisations are affected? Understanding NIS2 reach

Discover which organisations fall under the NIS2 directive by exploring key terms and classifications, so you can clearly understand the directive's impact and what you’re up against.

What measures should you take? Part 1 (Art. 21)

Understand the fundamental cybersecurity measures required by NIS2 and how to implement them. This module covers risk analysis, incident handling, business continuity, and supply chain security.

What measures should you take? Part 2 (Art. 21)

Explore advanced cybersecurity measures such as secure system development, effectiveness assessments, cyber hygiene practices and cybersecurity training, cryptography and encryption.

What measures should you take? Part 3 (Art. 21)

Complete your cybersecurity strategy with HR management, access control, asset tracking, authentication, secure communications and emergency communication systems.

How to report? Your obligations explained (Art. 23)

This module focuses on how reporting cyber incidents and sharing information can help organisations and sectors collaborate to minimise the impact of cyber threats across the EU.

Governance, roles and responsibilities (Art. 31 to 37)

Learn how NIS2 holds top management accountable for cybersecurity. This module outlines the roles of the board of directors, executive management, CISO, and ISM in establishing and maintaining a robust cybersecurity framework.

Supervision, enforcement and penalties

Understand the severe repercussions of non-compliance with NIS2. This final module explains the responsibilities of national authorities and the financial and operational penalties organisations may face for failing to meet NIS2 standards.


NIS2 Implementation training

Stakeholder management

Implementing NIS2 starts with securing buy-in from key stakeholders. Discover strategies and tools to help you identify, engage, and gain support from crucial individuals throughout your compliance journey.

Asset inventory and risk analysis

Understand which assets need protection by identifying and assessing critical organisational resources. Learn how to address vulnerabilities and manage potential threats.

Security policy development

Explore the different types of security policies, identify those relevant to your organisation, and learn how to create them to build a strong security foundation.

Strengthening the supply chain

Conduct risk assessments and apply best practices to manage relationships with vendors and third parties, ensuring your supply chain is secure.

Incident management

Build robust incident management processes. Learn how to create an effective response plan and ensure your technical environment is ready to handle real-world incidents.

Cyber security training

Discover how to design training programmes that equip your staff with the skills and knowledge needed to identify, prevent, and respond to cyber threats.

Core security controls

Gain a clear understanding of the essential security controls required for NIS2 compliance, including access control, secure network services, and business continuity planning.

Evaluating and enhancing security effectiveness

Understand the scope and objectives of the NIS2 directive and explore its implications for managers. Compliance is no longer solely an IT concern; it's also your responsibility.


NIST Essentials

Understanding the NIST Framework

You’ll learn the basics of the US NIST Cyber Security framework: how to link it to real risks, set priorities that fit your context, and define concrete actions and responsibilities. You'll walk away with structure, direction, and the confidence to get started.

Is NIST relevant for you? It probably is!

Aligning with the NIST Framework is only mandatory for US government agencies, but it’s quickly becoming the norm. Discover how NIST helps your organisation reduce risk, meet customer and partner expectations, and build trust across your supply chain.

What measures should you take? Part 1

You’ll explore four cyber risk areas in detail: risk assessment, incident response, resilience, and supply chain security. You’ll learn what each area involves, what’s expected from your team, and how to take practical steps that make a difference.

What measures should you take? Part 2

Discover how to embed cyber security in your procurement and development processes, especially around software. This session also explores the role of employee training and how to create a culture where good cyber hygiene becomes second nature.

What measures should you take? Part 3

The more connected your systems, the more important it becomes to know who has access—and to what. This session introduces key access and identity management principles: controlling access rights, verifying user identities, and keeping track of your most critical assets.

How to analyse incidents and communicate clearly

Reacting quickly to an incident is essential—but reacting in the right way is just as important. You’ll learn how to investigate incidents thoroughly, communicate with internal and external stakeholders, and use clear documentation to contain damage and support long-term resilience.

Governance, roles & responsibilities

Cyber security needs clear leadership. In this session, we focus on the people side of the framework: how to define roles and ensure that security decisions are supported at the right level. Strong governance is what turns strategy into action.

Oversight, showing compliance & business impact

What does 'being in control' actually look like? This final session covers what it takes to demonstrate compliance—through internal audits, documentation, and board-level oversight. You’ll learn how to link cyber security efforts to business impact and show that your organisation is not just secure, but accountable too.


GDPR Training for admins

What is GDPR? When and where does it apply?

Understand the basics of GDPR, its importance, and its impact on data subjects.

The 6 principles of GDPR

Understand the core principles of GDPR that guide data processing.

The rights of data subjects

Learn about the rights individuals have under the GDPR and how to respect them.

Dealing with data subject requests

Understand the difference between data controllers and data processors and learn who’s responsible for answering questions from data subjects.

The role of a Data Protection Officer

Learn what a Data Protection Officer does and whether your organisation is obliged to hire one.

What to do in case of a data breach?

This module focuses on how reporting cyber incidents and sharing information can help organisations and sectors collaborate to minimise the impact of cyber threats across the EU.

International data transfers

Learn the rules for transferring personal data outside the EU.


GDPR Training for users

What is GDPR? When and where does it apply?

Understand the basics of GDPR, its importance, and its impact on your privacy.

The 6 Principles of GDPR

Understand the core principles behind the GDPR.

The Rights of Data Subjects

Learn about your rights under the GDPR.

Exercising your Rights

Understand the difference between data controllers and data processors and learn who’s responsible for answering your information requests.


Repeated offender training

Learn the phishing basics

Refresh your knowledge of phishing and why it’s a threat. This module covers the common tactics used by cybercriminals and provides essential knowledge to help you identify potential phishing attempts.

Spot the phishing messages

Dive deeper into identifying phishing attempts by analysing real-world examples. Learn to recognise red flags in emails, text messages, and other forms of communication to protect yourself from falling victim to these scams.

Take the phishing quiz

Test your knowledge and sharpen your skills. Practice spotting phishing attempts in simulated scenarios and reinforce what you’ve learned in the previous modules.


PII in the USA: Your guide to safeguarding Personally Identifiable Information

Introduction to Personally Identifiable Information (PII)

Get to know the rules and regulations that define how your company should handle personal data.

Fair Information Practices (FIPs)

Understand the eight principles of FIPs and how to apply them in real-world situations.

Understanding Privacy Impact Assessments (PIAs)

In this session, you’ll learn what PIAs are, when they’re needed, and how conducting one can help your organisation remain compliant and build trust.

The California Consumer Privacy Act (CCPA)

Explore the CCPA and why it concerns you, even if you’re not in California.

Balancing KYC protocols and PII privacy

Businesses need to verify customer identities, but how can you do this while respecting their privacy rights? Discover how to comply with KYC rules while ensuring responsible data handling.


HIPAA Compliance Awareness Training

Overview and core principles

Discover what it is, who must follow it, and how to apply three pillars to protect patient data.

Patient privacy & confidentiality

PHI is the primary focus of HIPAA protection, and this session will help you define it, understand its importance, recognize the risks of mishandling it, and apply best practices.

Physical & digital security measures

Learn how to implement physical security measures and apply digital security best practices to prevent breaches and protect sensitive information.

HIPAA violations & consequences

In this session, you’ll examine the reality of HIPAA violations—when PHI is accessed, disclosed, or mishandled contrary to HIPAA rules.


BDSG

What is the BDSG and when does it apply?

Understand how Germany’s BDSG complements the GDPR, when it applies, and to whom. See where European and German law intersect — and what that means in practice for your organisation.

The 6 fundamental principles

The six principles of the GDPR also apply in Germany — but the BDSG makes them stricter in key areas. With practical examples, you’ll see exactly what Germany expects beyond the European standard.

Data protection rights under the BDSG

GDPR rights are familiar. The BDSG goes further, with additional rules for employees and public authorities. This module shows you where Germany raises the bar.

Organising data protection: from the DPO to data requests

The BDSG adds additional rules on appointing a Data Protection Officer, keeping records, and handling requests. Learn how to make compliance systematic rather than ad hoc.

Data protection in the workplace

Employee privacy is at the heart of the BDSG. After this module, you’ll know exactly what is allowed — and what isn’t — in everyday HR and workplace practice.


TISAX

Introduction to TISAX

Learn what TISAX is, how it builds on ISO 27001, and why major automotive manufacturers require it. Discover how a label works — and how it creates new business opportunities.

Step by step towards a successful TISAX audit

Prepare step by step for audit readiness: define your scope, understand maturity levels, complete the VDA ISA, and choose the right provider. Save time and avoid costly mistakes.

The audit process explained

See what happens during a TISAX audit — from kick-off to evidence checks and final assessment. Understand what auditors look for and how to maximise your chances of success.


DORA

What is the DORA Regulation and why does it matter?

DORA sets a new standard for digital resilience in the financial sector. Learn why it was created, who it applies to, and how proportionality works. You'll leave with a clear understanding of the five pillars that shape this training.

ICT Risk Management Framework

Understand how financial entities are expected to identify, assess, and control ICT risks. See what a structured framework looks like in practice, from asset inventory to protection measures. You'll also learn where management responsibility ends and your own role begins.

Reporting obligation

Not every ICT incident triggers a reporting obligation. Learn what qualifies as serious under DORA, who is responsible, and within which timeframes your organisation must act. Discover how the reporting route works, from national authority to European level.

Digital operational resilience testing

Controls on paper offer no guarantee in a real crisis. Discover which testing methods DORA requires, what each one verifies, and when Threat-Led Penetration Testing applies. You'll understand who is involved and what supervisors expect to see.

ICT risks in outsourcing

Outsourcing ICT services doesn't transfer accountability. Learn how DORA approaches third-party risk and which risks deserve the most attention when services are externally provided. You'll also find out how information sharing supports sector-wide resilience.


NEN 7510 Basic training for hospital staff

Protecting patient information

Discover why NEN 7510 is more than just a compliance requirement. We explain how information security supports patient safety, trust and high-quality care, and introduce the key concepts and legal frameworks.

How the hospital maintains control

Information security is a continuous process. This module shows how hospitals manage risks through the NEN 7510-1 management system, and how policy and management decisions influence day-to-day work.

Practical tips for healthcare staff

What does NEN 7510 specifically require from healthcare staff? We translate the controls from NEN 7510-2 into practical actions on the ward: secure log-in practices, handling patient data, AI, email use and physical security.


Cybersecurity in healthcare (coming soon)

Why security matters in healthcare

Understand why protecting patient information is critical to safe care. See how security builds trust, supports patient safety, and meets healthcare legal and professional obligations.

How your organisation manages risk

See how your healthcare organisation manages security risk - through policies, procedures, and leadership decisions - and how these controls shape daily clinical and administrative work.

Protecting the care workspace

Adopt essential digital and physical security routines. Learn to secure workstations, manage access to restricted areas, and ensure that patient records - whether on screen or paper - are never left unattended or exposed to unauthorised eyes.

Spot phishing and avoid being tricked

Discover how attackers impersonate colleagues, suppliers, or patients to get access or information. Practise recognising warning signs and know what to do immediately when something feels off.

Share patient data safely

Learn how to transfer information securely within your team and with care partners (e.g., GP, pharmacy, transport). Choose the right channel for the situation and prevent “wrong recipient” mistakes.

Responsible use of AI

AI tools are everywhere, but how do you use them safely? Learn the pitfalls of 'shadow AI', prevent medical data from leaking into public models, and ensure human oversight remains at the heart of every clinical decision.

What to do if something goes wrong

Know what counts as a security incident or data breach, and why speed matters for patient safety. Learn the first steps: contain, record key details, and report to the right place.


PCI DSS (coming soon)

Protecting payment data is everyone’s business

If your organisation processes, stores or transmits payment card data, the Payment Card Industry Data Security Standard (PCI DSS) applies. The standard sets out clear rules to protect cardholder information and reduce the risk of fraud. In this level, you’ll learn when PCI DSS applies, what kind of data must be protected, and which technical and organisational controls are required. We’ll explore how to reduce risks, meet compliance expectations, and keep both customer data and your business secure.


AI

On the road with AI

Begin your journey into AI. Discover what AI really is (and isn’t), how to recognise it in everyday life, and why it matters for your role.

✔ EU AI Act

AI in the workplace

AI at work, what could go wrong? Step into real-world scenarios and see how different teams use AI for writing, coding, and sales. Spot mistakes, prevent misuse, and learn safe, smart practices.

✔ EU AI Act

Becoming a cybersecure prompter

Learn what powers generative AI. This session explains how tools like ChatGPT generate content, how to prompt them effectively—and how to stay safe while doing so.

✔ EU AI Act

Bandits and bots: how hackers weaponise AI

Think like a hacker (briefly). Discover how cybercriminals use AI to create better phishing, generate fake content, and scale their attacks. Understanding their tools is your first line of defence.

✔ EU AI Act

AI in cybersecurity

AI works both ways. Learn how AI boosts defence against (AI-enhanced) threats—no tech degree required.

✔ EU AI Act

Legislation on AI: current state of AI rules and regulations

AI regulation is evolving globally, but it's far from consistent. From the EU’s AI Act to proposed frameworks in the US and Canada’s AIDA, governments are working out how best to govern artificial intelligence. Learn what’s coming, how it might affect your work, and why understanding AI law matters—wherever you’re based.

✔ EU AI Act


Role-Based Training (coming soon)

Payments under pressure

Finance teams handle the organisation’s most sensitive transactions—and attackers know it. Learn how payment fraud works, how criminals exploit urgency and authority, and which verification controls prevent costly mistakes.

Who gets access to the money?

Financial data is powerful—and dangerous in the wrong hands. Explore how access rights, role-based permissions, and proper offboarding protect accounting systems, payroll data, and financial records from misuse or insider risk.

Trust, but verify: securing supplier payments

Your suppliers can introduce hidden risk. Understand how vendor fraud, weak contracts, and missing data protection clauses can expose your organisation. Learn how Finance can enforce security requirements before approving payments.

AI in Finance: powerful tool or hidden risk?

AI can analyse reports, summarise contracts, and speed up financial work—but careless use can expose confidential data. Learn how to use AI responsibly, validate AI output, and keep financial information protected.

Protecting financial assets—digital and physical

From encrypted laptops to secure authentication tokens, financial assets exist both online and offline. Learn how to protect devices, manage sensitive hardware, and respond quickly when equipment or data goes missing.

When incidents hit the balance sheet

Cyber incidents don’t just affect IT—they affect finance. Discover how ransomware, fraud, or system disruptions translate into financial impact, reporting obligations, and insurance claims. Learn what Finance must do when things go wrong.

Rules that matter: enforcing secure finance processes

Security policies only work if people follow them. Explore how organisations handle process bypassing, repeated violations, and risky behaviour. Learn how enforcement, escalation, and accountability keep financial operations secure.