IT Governance Course

course overview

Click to View dates & book now


The NIS Directive brings new obligations to operators of essential services. It defines their role to prevent and report cyber incidents, with specific liabilities. The NIS Directive is important to strengthen the security of Operators of Essential Services in the UK and across the EU.

This training is GCHQ certified and is ideal for regulators, security auditors, safety and security managers at operators of essential services and infrastructure managers.

In this 5-day training, participants will learn about the NIS Directive and its requirements. We will learn how to assess the current readiness level, and how to develop a roadmap towards compliance. We will present the NCSC Cyber Assessment Framework and discuss on a list of existing good practices to strengthen security and demonstrate compliance with the requirements of the NIS Directive.

Course author: Dr. Cédric LÉVY-BENCHETON (Cetome) is a recognised expert in security with a focus on critical infrastructure sectors and the Internet of Things. Previously, Cédric worked at ENISA, the European Union Cyber Security Agency, several of his guidance and recommendations defined key areas of the NIS Directive. He was also a researcher in telecommunications and has obtained a Ph.D. in Telecommunications.

Skills Gained

  • Understand the requirements of the NIS Directive
  • Know the threats and risks to critical infrastructure
  • Be able to assess the preparedness level to the NIS Directive
  • Be able to define a security governance and embed security into the business
  • Identify the roles, responsibilities and accountabilities across an OES
  • Be able to identify critical assets
  • Be aware of the risks related to third-parties
  • Be able to define security priorities and a compliance roadmap
  • Be able to monitor and detect incidents
  • Know how to handle a security incidents, including incident response, reporting to authorities and post-mortem
  • Understand the importance of information exchange and cooperation
  • Become more proactive towards security with threat intelligence and information sharing
  • Know how to build a security culture


There are no specific pre-requisites to attend this course, however we do expect delegates to have a basic understanding of technology, computing and the internet.


Day 1: Introduction to the NIS Directive

  • Introduction to the NIS Directive, why it exists and the UK implementation (NIS Regulations)
  • Cyber attacks on essential services
  • The Cyber Assessment Framework (CAF) and how to use it

In the next 4 days, we will study the security principles of the CAF. We will discuss around good practices (people, process and tools) as well as existing standards, and see how they can be used to assess and demonstrate compliance.

Day 2: Details of the CAF “Managing Security Risk”

  • Governance: focus on the roles and accountabilities
  • Risk Management
  • Asset Management
  • Supply chain and security of third-parties

Day 3: Protecting against cyber attacks (part 1):

  • B1. Service Protection Policies and Processes
  • B2. Identity and Access Control
  • B3. Data Security

Day 4: Protecting against cyber attacks (part 2):

  • B4. System Security
  • B5. Resilient Networks and Systems
  • B6. Staff Awareness and Training

Day 5: “Detecting cyber security events” and “Minimising the impact of cyber security incidents”

  • C1. Security Monitoring
  • C2. Proactive Security Event Discovery
  • D1. Response and Recovery Planning
  • D2. Lessons Learned

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.