NIS2 Manager Training

Equip your management team with the knowledge required to fulfill its cybersecurity responsibilities.

NIS2 Starts at the Top

Under NIS2, management is directly responsible for cybersecurity. Article 20(1) requires management bodies to oversee cybersecurity risk-management measures, while Article 20(2) requires them to complete training in order to understand their duties and properly assess cyber risks.

This means management training is not simply a recommended extra, but a requirement anchored in NIS2 itself. It supports informed decision-making at leadership level and helps build the foundation for an effective IT infrastructure.

Training Content

For essential and important entities, NIS2 requires management bodies to be involved in the implementation and oversight of cybersecurity risk-management measures.

This does not mean that management needs the same technical expertise as network and information security teams. However, management must understand the main cybersecurity risks, assess their business impact, and ensure that appropriate measures are implemented.

Our NIS2 manager training is aligned with the BSI guidance on NIS2 training for management bodies. It does not focus on detailed technical solutions. Instead, it explains the strategies, tools, and governance mechanisms that management can use to oversee, steer, and document NIS2 implementation and compliance. The training covers the following core topics:

Part 1: E-Learning

Duration: approx. 2 hours

This section gives management bodies a structured understanding of the core topics highlighted in the BSI guidance.

  • NIS2 fundamentals, scope and relevant obligations
  • Risk identification and assessment
  • Risk-management practices in information security
  • Implementation, documentation and effectiveness of risk-management measures
  • Reporting and notification obligations, including significant incidents
  • Registration obligation
  • Management-body duties, liability, training obligations and potential sanctions
  • Risk-management measures, state of the art and minimum measures under Section 30(2) BSIG
  • Sector- and entity-specific content

Part 2: Scenario Exercise

Duration: approx. 2 hours

Participants work through a scenario exercise based on the progression of real incidents and practise management decision-making as new information emerges.

  • Scenario exercise or tabletop exercise using typical threat situations and decision points
  • Testing of decision paths, communication processes and escalation logic
  • Assessment of risks, risk-management measures and impacts on the services provided by the entity
  • Documentation of results and derivation of improvement measures
  • Practical application of the BSI training topics covered in Part 1

What Our Training Looks Like

Our NIS2 manager training is a two-part programme that combines E-Learning with a practical scenario exercise.

In Part 1, participants use our online academy to work through a series of videos covering the core content for management bodies. Participants can complete this part at their own pace and on their own schedule. Short quizzes at the end of each module help check understanding of the key points.

In Part 2, participants work through an interactive scenario exercise based on the progression of real incidents. The exercise reflects typical threat situations and decision points, and tests decision paths, communication processes and escalation logic under realistic conditions.

Available languages: English, German, and Japanese

Training Audience

This training is intended for members of management bodies and for anyone involved in important NIS2-related decisions, such as risk management, reporting obligations, budget approvals, or cybersecurity governance.

The main audiences are:

  • Members of management bodies authorised to manage and represent the entity
  • Board members, managing directors, local entity heads and comparable senior roles
  • People who support or advise management bodies on NIS2 implementation
  • Managers involved in allocating budget or resources for risk-management measures
  • People responsible for risk-management measures, reporting and notification obligations or cybersecurity governance

Managers based outside the EU may also be within scope if they are involved in the NIS2 response of European subsidiaries.

At a Glance

Course Basis

The course is based on the BSI guidance on NIS2 training for management bodies.

Target Audience

Management bodies, including executives, board members, managing directors, and other decision-makers responsible for NIS2 oversight.

Duration

Part 1 and Part 2 each take approximately 2 hours, for a total duration of 4 hours.

Languages

Available in English, German and Japanese.

Ready to Get Started?

We tailor our training to the specific needs of your organisation. Whether you are ready to schedule the training or would like to discuss further details first, we would be happy to hear from you.

Looking for Broader NIS2 Support?

Are you looking for broader support on your path to NIS2 compliance? We support organisations beyond training. Our NIS2 Assessment helps you identify existing gaps on your path to NIS2 compliance and provides a structured overview of the measures that should be implemented. Our CSIRT Service gives you access to expert support for handling security incidents and meeting reporting obligations.

Follow the links below to learn more about these services, or contact us directly to discuss the right approach for your organisation.

Related services: NIS2 Assessment / CSIRT Service (NIS2 support)