Special Notices

This is an NCSC Certified Training Course.

National Cyber Security Centre Certified Training

Course Overview

The NIS Directive brings new obligations to operators of essential services. It defines their role to prevent and report cyber incidents, with specific liabilities. The NIS Directive is important to strengthen the security of Operators of Essential Services in the UK and across the EU.

This training is NCSC certified and is ideal for regulators, security auditors, safety and security managers at operators of essential services and infrastructure managers.

In this 5-day training, participants will learn about the NIS Directive and its requirements. We will learn how to assess the current readiness level, and how to develop a roadmap towards compliance. We will present the NCSC Cyber Assessment Framework and discuss on a list of existing good practices to strengthen security and demonstrate compliance with the requirements of the NIS Directive.

Course author: Dr. Cédric LÉVY-BENCHETON (Cetome) is a recognised expert in security with a focus on critical infrastructure sectors and the Internet of Things. Previously, Cédric worked at ENISA, the European Union Cyber Security Agency, several of his guidance and recommendations defined key areas of the NIS Directive. He was also a researcher in telecommunications and has obtained a Ph.D. in Telecommunications.


There are no specific pre-requisites to attend this course, however we do expect delegates to have a basic understanding of technology, computing and the internet.

Learning Objectives

  • Understand the requirements of the NIS Directive
  • Know the threats and risks to critical infrastructure
  • Be able to assess the preparedness level to the NIS Directive
  • Be able to define a security governance and embed security into the business
  • Identify the roles, responsibilities and accountabilities across an OES
  • Be able to identify critical assets
  • Be aware of the risks related to third-parties
  • Be able to define security priorities and a compliance roadmap
  • Be able to monitor and detect incidents
  • Know how to handle a security incidents, including incident response, reporting to authorities and post-mortem
  • Understand the importance of information exchange and cooperation
  • Become more proactive towards security with threat intelligence and information sharing
  • Know how to build a security culture

Course Outline

Day 1: Introduction to the NIS Directive

  • Introduction to the NIS Directive, why it exists and the UK implementation (NIS Regulations)
  • Cyber attacks on essential services
  • The Cyber Assessment Framework (CAF) and how to use it

In the next 4 days, we will study the security principles of the CAF. We will discuss around good practices (people, process and tools) as well as existing standards, and see how they can be used to assess and demonstrate compliance.

Day 2: Details of the CAF “Managing Security Risk”

  • Governance: focus on the roles and accountabilities
  • Risk Management
  • Asset Management
  • Supply chain and security of third-parties

Day 3: Protecting against cyber attacks (part 1):

  • B1. Service Protection Policies and Processes
  • B2. Identity and Access Control
  • B3. Data Security

Day 4: Protecting against cyber attacks (part 2):

  • B4. System Security
  • B5. Resilient Networks and Systems
  • B6. Staff Awareness and Training

Day 5: “Detecting cyber security events” and “Minimising the impact of cyber security incidents”

  • C1. Security Monitoring
  • C2. Proactive Security Event Discovery
  • D1. Response and Recovery Planning
  • D2. Lessons Learned

Cyber Security Learning Paths

Want to boost your career in Cyber Security? Click on the roles below to see QA‘s learning pathways, specially designed to give you the skills to succeed.

= Required
= Certification
Cyber Management
Cyber Tech
Security Auditor
Intrusion Analyst
CompTIA Security Includes Security+, CySA+ and CASP
Industrial Control Systems & Operational Technology Technical
Industrial Control Systems & Operational Technology Management

Related to this course

Please complete this form and we'll be in touch

Hide form
Please enter a date or timescale
Please type in a preferred location or region...