Welcome and presentation of the program. Context and link to digital transformation.

Foundations of the NIS2 Directive: Understanding the challenges for your organization. Implementation deadlines. Governance objectives for security. Sectors and organizations concerned: Distinction between Essential Entities and Important Entities. Identification of the affected sectors. Main obligations: Cybersecurity governance. Incident reporting. Risk management. Legal consequences and sanctions for non-compliance: ANSSI controls. Financial penalties. Criminal liability of organizations and executives.

Legal obligations and IT challenges for information systems security management

Q: Operational impacts: role of technical management

Actors involved: Internal: CEO, DT, CIO, CISO, DPO, Business teams. External: Partners (Supply Chain), Regulations. Direct impacts: Information system: Asset mapping. Business processes: Business risk management. Governance: Committee, documentation, auditability, training. Structuring compliance: Define a clear strategy. Design a structured roadmap (phases, milestones, continuous improvement).

Q: Managing change within the framework of compliance

Understanding resistance to change: Types of resistance (individual, collective, cultural, organizational). Causes of resistance in the cyber domain. Consequences of unmanaged resistance. ADKAR approach: Awareness. Desire. Acquisition of knowledge (Knowledge). Ability to act. Reinforcement.

Q: Put into practice and action plan

Identification of key priorities: Evaluation of critical assets. Risk prioritization. Alignment with NIS2 requirements. Actions and initial plan: Implementation of Quick-Wins. Defining concrete steps with SMART goals.

This training aims to offer CIOs, DTs and CISOs an overview of the legal, technical and human issues linked to NIS2 compliance. It provides the skills needed to drive change in their organization.
The specific objectives are:

1 day

Leaders & IT experts: CIO, Technical Director, Technical Manager, Collaborators.

Training programs

Introduction

Welcome and presentation of the program.
Context and link to digital transformation.

The NIS2 directive

Foundations of the NIS2 Directive:
- Understanding the challenges for your organization.
- Implementation deadlines.
- Governance objectives for security.
Sectors and organizations concerned:
- Distinction between Essential Entities and Important Entities.
- Identification of the affected sectors.
Main obligations:
- Cybersecurity governance.
- Incident reporting.
- Risk management.
Legal consequences and sanctions for non-compliance:
- ANSSI controls.
- Financial penalties.
- Criminal liability of organizations and executives.

Operational impacts: role of technical management

Actors involved:
- Internal: CEO, DT, CIO, CISO, DPO, Business teams.
- External: Partners (Supply Chain), Regulations.
Direct impacts:
- Information system: Asset mapping.
- Business processes:Business risk management.
- Governance: Committee, documentation, auditability, training.
Structuring compliance:
- Define a clear strategy.
- Design a structured roadmap (phases, milestones, continuous improvement).

Managing change within the framework of compliance

Understanding resistance to change:
- Types of resistance (individual, collective, cultural, organizational).
- Causes of resistance in the cyber domain.
- Consequences of unmanaged resistance.
ADKAR approach:
- Awareness.
- Desire.
- Acquisition of knowledge (Knowledge).
- Ability to act.
- Reinforcement.

Put into practice and action plan

Identification of key priorities:
- Evaluation of critical assets.
- Risk prioritization.
- Alignment with NIS2 requirements.
Actions and initial plan:
- Implementation of Quick-Wins.
- Defining concrete steps with SMART goals.