New Designing information systems protection according to NIS2 requirements

The NIS (Network and Information Systems) is a cybersecurity directive designed to improve the functioning of the EU's internal market. It ensures a high level of security for network and information systems uniformly across the EU. The updated NIS2 version of the NIS entered into force on 16 January 2023 and Member States have until autumn 2024 to transpose it into their national legislation, and the adopted and promulgated domestic provisions will be binding for certain domestic businesses and organisations (e.g. energy sector, finance, electronic equipment manufacturing, public administration, utilities, digital infrastructure services, postal services, waste management, etc.).

The aim of the training is to familiarise organisations and companies with the requirements of the NIS2 Directive, the legal background and its interpretation, the basic steps and tasks necessary to design and implement an NIS2 compliant information system, possible organisational measures and methodologies.

At the end of the training, participants will be asked to complete a 50-question multiple-choice test.

The training is intended for employees of companies and organisations who need to apply the NIS2 Directive and who are responsible for planning, designing, managing, reviewing, developing, understanding, adhering to and/or enforcing compliance with the NIS2 Directive.

On completion of the training, participants will acquire the following skills:

• The evolution of the NIS definition environment in international and national contexts
• Understanding of critical infrastructures and critical information infrastructures, their interrelationships and differences
• Knowledge and understanding of the relevant EU regulatory environment
• Knowledge and understanding of the legal environment in Hungary
• Knowledge and understanding of domestic regulatory and incident management activities
• Knowledge and understanding of information security requirements for critical information infrastructures

• Overview, definitions and related terminology
• Evolution of the definitional environment from the 2000s to the present, internationally and domestically
• International perspective on the evolution of cybersecurity. Understanding of critical infrastructures and critical information infrastructures, their interrelationships and differences
• A description of the EU regulatory environment for network and information systems security, with specific reference to the directive and regulation obligations in the Member States
• Description of the legal requirements in Hungary related to network and information systems security, including organisational structure, responsibilities and obligations
• Presentation of tools and methods for the prevention of cyber-attacks within the framework of the public authorities' responsibilities and the rules and procedures for handling incidents affecting critical information infrastructures
• Interpretation and identification of information security requirements in relation to critical information infrastructures

Knowledge of basic IT security concepts and information security processes, computer management skills.