Become NIS2 compliant with SagaLabs

SagaLabs provides hands-on scenario-based training for organizations and their employees. This can help organizations comply with NIS2 article 20 (Governance) and 21 (Cybersecurity risk-management measures). NIS2 will affect around 160.000 organizations in Europe. In this blog post you can learn more about NIS2, the role of cybersecurity training required for NIS2, and how SagaLabs can help ensure compliance with the specific training requirements in NIS2.


A picture showing the European flag with the word "NIS2" written inside. The I resembles a padlock.

What is NIS2?

The NIS2 directive is an EU (European Union) directive from 2022 that provides a legal framework to uphold cybersecurity in 18 critical sectors across the EU. It succeeds the former NIS1 directive from 2016 and greatly expands the sectors covered by the directive.

Did you know that NIS stands for “Network and Information Systems”?

A few examples of the sectors covered by both NIS1 and NIS2 are energy, finance, and healthcare. Examples of new sectors covered by NIS2 are social platforms, wastewater, waste management, and public administration. This greatly expands the number of organizations that need to comply with NIS2 legislation, from around 15.000-15.500 organizations affected by NIS1 to 160.000 organizations affected by NIS2.

We found the following statement on the European Commission website outlining NIS2; we think it encapsulates the purpose quite well.

NIS2 requires EU member states to enhance their cybersecurity capabilities, while introducing risk management measures and reporting requirements to entities from more sectors and setting up rules for cooperation, information sharing, supervision, and enforcement of cybersecurity measures.
— European Commission

One of the key factors of NIS2 is that it introduces accountability of the top management. This means that cybersecurity will get attention in a lot of board rooms over the years to come.

We recommend reading more about NIS2 here: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

The role of Cybersecurity Training in NIS2

Cybersecurity training plays a central role in NIS2. Besides the legal framework provided by NIS2, the directive also mandates that each Member State of the European Union must adopt a national cyber security strategy. This national strategy must have policies for cybersecurity education and awareness.

CHAPTER IV “CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONS” of NIS2 includes the following two articles that directly mention the role of cybersecurity training required by the directive.

A picture showing NIS2 Article 20, with yellow highlights around paragraph 2.

NIS2 Article 20: Governance

Article 20 moves cybersecurity into the board room. It holds top management and the board directly responsible for approving the cybersecurity risk management measures.

Member States shall ensure that the members of the management bodies of essential and important entities are required to follow training, and shall encourage essential and important entities to offer similar training to their employees on a regular basis, in order that they gain sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk-management practices and their impact on the services provided by the entity.
— NIS2 Article 20

Not only can we help your organization comply with the training requirements in NIS2, but our hands-on training also enables fun and engaging learning environments, with skills that we ensure will add real, persistent value to your organization's cybersecurity posture and improve resilience.

A picture showing NIS2 Article 21, with yellow highlights around paragraph 2 and paragraph 2 (g).

NIS2 Article 21: Cybersecurity risk-management measures

Article 21 outlines the technical, operational and organisational measures that organizations must take to properly manage their risks. It specifically mentions “basic cyber hygiene practices and cybersecurity training” as a minimal requirement. We can help facilitate compliance through our offerings in SagaLabs, while also providing value to boost the overall cybersecurity resilience in organizations - especially during security incidents.

SagaLabs Scenario-Based Training

A picture of the SagaLabs cyber range platform, this picture shows some of the available operations and labs.

SagaLabs Cyber Range

At SagaLabs we provide hands-on scenario-based training, where we simulate realistic cybersecurity attacks and incidents. This is achieved on our own EU-built cyber range (read more here: https://www.cybertræning.dk), which rapidly spins up parallel lab environments with a fun and engaging LMS (Learning Management System).

Our instructors will guide you through the scenarios, providing war stories of real-life experience with handling of cybersecurity attacks and incidents. We believe this creates the best learning environment and therefore also provides the most value to organizations to boost their resilience.

At SagaLabs we recognize that organizations have limited amounts of time to train both cybersecurity incident response and overall cybersecurity skills. Therefore, our offerings are designed to provide the maximum value in a relatively short timespan – usually workshops are 4-5 hours, with 25-30 people. How do we teach so much knowledge and so many skills in such a short span of time, you may ask?

  1. Hands-on training

  2. Train in teams

  3. Realistic and engaging scenarios

  4. Instructors with real life experience

Train as you fight!

All SagaLabs founders have a background from the military. In the military we learned the mantra “train as you fight”. We have incorporated this approach deeply within all our offerings, ensuring that organizations get as much hands-on experience as possible, as we believe it creates the most fun and engaging learning environments.

Get compliant with SagaLabs

SagaLabs offerings will help organizations comply with parts of NIS2 article 20 and article 21 through our training/workshop offerings. We can provide off-the-shelf scenarios that cover topics such as:

  • Supply Chain Attack

  • Ransomware

  • Insider Threat

  • Critical Infrastructure

Besides compliance, we believe our training provides a fun and engaging learning environment that will maximize the value of our cybersecurity workshops for organizations. This ensures that, besides compliance, organizations get real experience, tools and knowledge that will help enhance cybersecurity resilience in daily operations and during security incidents.

Finally, we also provide tailored solutions, where we replicate organizations' infrastructure in our cyber range. We work closely with our customers to build attack paths and scenarios, to make the tailored training as realistic as possible. This way we can ensure that organizations get the most value out of training, all while not impacting production infrastructure in the company.

If this sounds of interest, you are more than welcome to reach out to us by e-mail: [email protected]

Emil Schmidth Nielsen

Emil Schmidth Nielsen is a SagaLabs Co-Founder and has experience from both the Danish Military and critical infrastructure telco/energy company Norlys as a Senior Cyber Security Specialist.
