Security of Network and Information Systems Directive (NIS)

About the course

This course is aimed at individuals who implement, maintain and/or audit NIS compliance within competent authorities, operators of essential services, digital service providers and/or the wider supply chain.

This course aims to teach delegates about the Security of Network and Information Systems Directive (NIS). The NIS Directive requires operators of essential services and digital service providers to take “appropriate and proportionate technical and organisational measures” to manage the risks posed to the security of the network and information systems they rely on. This course provides a foundation in the NIS Directive, its implementation and compliance, and the penalty regime that underpins it. Specifically, it takes the delegate through each of the NIS principles from both a governance and a technical perspective.

Official guidance on the NIS Directive, which comes into force on 9 May 2018, can be found on the NCSC website.

Prerequisites

There are no specific prerequisites for this course; however, we expect delegates to have a basic understanding of technology, computing and the internet.

Delegates will learn about

NIS Governance, Risk and Compliance

    A1 Governance
    A2 Risk Management
    A3 Asset Management
    A4 Supply Chain

Systems & Service Protection

    B1 Service Protection Policies and Processes
    B2 Identity & Access Control
    B3 Data Security
    B4 Systems Security
    B5 Resilient Networks & Systems
    B6 Staff Awareness & Training

Security Monitoring & Alerting

    C1 Security Monitoring
    C2 Proactive Security Event Discovery

Response & Recovery

    D1 Response and Recovery Planning
    D2 Lessons Learned

Outline

Module 1a – Competent Authority Obligations

This module covers the following NIS topics:

Competent authority obligations

    Operators of essential services
    Digital service providers

Module 1b – Technology Primers

Delegates will learn about

    Internet primer
    Industrial control systems (ICS) security primer
    Introduction to cloud security

Module 2 – NIS Governance, Risk and Compliance

This module helps delegates put in place the organisational structures, policies and processes needed to understand, assess and systematically manage security risks to the network and information systems supporting essential services.

This module covers the following NIS Principles:

    A1 Governance
    A2 Risk Management
    A3 Asset Management
    A4 Supply Chain

Delegates will learn about

Governance

    Governance in the information security arena
    Information security management & leadership roles
    Responsible & accountable persons
    Continual improvement
    Principles of auditing

Risk Management

    Component vs System techniques
    Risk assessments
    Risk measurement against ‘risk appetite’
    Managing risk
    Risk reduction and acceptance techniques

Asset Management

    Asset value
    Assets and critical dependencies

Supply Chain

    Cyber risks in the supply chain
    Flow down of security obligations in contracts
    Third party dependency modelling

Module 3 – Systems & Service Protection

This module helps delegates understand the proportionate security measures in place to protect essential services and systems from cyber-attack or systems failures.

This module covers the following NIS Principles:

    B1 Service Protection Policies and Processes
    B2 Identity & Access Control
    B3 Data Security
    B4 Systems Security
    B5 Resilient Networks & Systems
    B6 Staff Awareness & Training

Delegates will learn about

Security Policies and Processes

    Information Security Management System (ISMS)
    Communication, enforcement and governance
    Alignment to business goals and outcomes

Identity & Access Management

    Authorisation & Authentication
    Identity as a service
    Privilege management

Data Security (Confidentiality, Integrity & Availability)

    Data in transit & Data at rest
    Encryption
    Patch management

Resilient Networks & Systems

    Network primer
    Failover and redundancy
    Segregation & air gapping
    Third party access & management
    Access control

Security training & Awareness

    Implementing security programmes
    Tailoring messages for your audience

Module 4 – Security Monitoring & Alerting

This module helps delegates understand the appropriate capabilities to ensure network and information systems security defences remain effective and to detect cyber security events affecting, or with the potential to affect, essential services.

This module covers the following NIS Principles:

    C1 Security Monitoring
    C2 Proactive Security Event Discovery

Learning outcomes

Delegates will learn about best-practice security monitoring across IT and OT environments, on-premise and cloud services, including security information and event management (SIEM), and how to use it to establish a proactive security event management capability. The module also gives an insight into common cyber threats, malicious behaviour profiling and proactive security assessments.

SIEM Processes, Features & Functions

    Security & Event Auditing

Anomaly Detection

    Anti-malware and evasion
    Audit Logs – What to collect from where
    Telemetry behaviour patterns

Threat Detection

    Intruder behaviour
    Insider threat hunting
    Common methods of attack
    Advanced threats

Security Assessments

    Vulnerability management
    Social engineering and ethical phishing
    Insider threat assessment
    Red teams

Module 5 – Response and Recovery

This module helps delegates understand the capabilities to minimise the impacts of a cyber security incident on the delivery of essential services including the restoration of those services where necessary.

This module covers the following NIS Principles:

    D1 Response and Recovery Planning
    D2 Lessons Learned

Learning outcomes

Delegates will learn about best-practice incident management processes for IT and OT systems and services: preparing and reviewing incident response plans for critical services and their dependent systems, including those within the supply chain, together with crisis management, communications, and incident recovery planning, preparedness and exercises.

    Indicators of attack & compromise
    Incident response vs business continuity

Resilience

    Incident response plans
    Incident response within the supply chain
    Post incident recovery (crisis and communications)
    Lessons learned & root cause reporting
