Security of Network and Information Systems Directive (NIS)
Provided by QA
About the course
This course is aimed at individuals seeking to implement, maintain and/or audit the NIS within competent authorities, operators of essential services, digital service providers and/or the wider supply chain.
This course aims to teach delegates about the Security of Network and Information Systems Directive (NIS). The NIS Directive requires operators of essential services and digital service providers to implement “appropriate and proportionate technical measures” to manage the risks posed to the security of their networks and information systems. This course provides a foundation in the NIS Directive, its implementation and compliance, and the underpinning penalty regimes. Specifically, it will take the delegate through all of the NIS principles, covering each from both a governance and a technical perspective.
Official guidance on the NIS Directive, which comes into force on the 9th May, can be found at the NCSC website here.
Prerequisites
There are no specific prerequisites to attend this course; however, we do expect delegates to have a basic understanding of technology, computing and the internet.
Delegates will learn how to
NIS Governance, Risk and Compliance
A1 Governance
A2 Risk Management
A3 Asset Management
A4 Supply Chain
Systems & Service Protection
B1 Service Protection Policies and Processes
B2 Identity & Access Control
B3 Data Security
B4 Systems Security
B5 Resilient Networks & Systems
B6 Staff Awareness & Training
Security Monitoring & Alerting
C1 Security Monitoring
C2 Proactive Security Event Discovery
Response & Recovery
D1 Response and Recovery Planning
D2 Lessons Learned
Outline
Module 1a – Competent Authority Obligations
This module covers the following NIS topics:
Competent authority obligations
Operators of essential services
Digital service providers
Module 1b – Technology Primers
Delegates will learn about
Internet primer
Industrial control systems security primer
Introduction to cloud security
Module 2 – NIS Governance, Risk and Compliance
This module helps delegates understand the appropriate organisational structures, policies, and processes in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services.
This module covers the following NIS Principles:
A1 Governance
A2 Risk Management
A3 Asset Management
A4 Supply Chain
Delegates will learn about
Governance
Governance in the information security arena
Information security management & leadership roles
Responsible & accountable persons
Continual improvement
Principles of auditing
Risk Management
Component vs System techniques
Risk assessments
Risk measurement against ‘risk appetite’
Managing risk
Risk reduction and acceptance techniques
Asset Management
Asset value
Assets and critical dependencies
Supply Chain
Cyber risks in the supply chain
Flow down of security obligations in contracts
Third party dependency modelling
Module 3 – Systems & Service Protection
This module helps delegates understand the proportionate security measures in place to protect essential services and systems from cyber-attack or systems failures.
This module covers the following NIS Principles:
B1 Service Protection Policies and Processes
B2 Identity & Access Control
B3 Data Security
B4 Systems Security
B5 Resilient Networks & Systems
B6 Staff Awareness & Training
Delegates will learn about
Security Policies and Processes
Information Security Management System (ISMS)
Communication, enforcement and governance
Alignment to business goals and outcomes
Identity & Access Management
Authorisation & Authentication
Identity as a service
Privilege management
Data Security (Confidentiality, Integrity & Availability)
Data in transit & Data at rest
Encryption
Patch management
Resilient Networks & Systems
Network primer
Failover and redundancy
Segregation & air gapping
Third party access & management
Access control
Security training & Awareness
Implementing security programmes
Tailoring messages for your audience
Module 4 – Security Monitoring & Alerting
This module helps delegates understand the appropriate capabilities to ensure network and information systems security defences remain effective and to detect cyber security events affecting, or with the potential to affect, essential services.
This module covers the following NIS Principles:
C1 Security Monitoring
C2 Proactive Security Event Discovery
Learning outcomes
Delegates will learn about best practice security monitoring in IT and OT environments, on-premises and cloud services, including security information and event management (SIEM), to establish a proactive security event management system. They will also gain an insight into common cyber threats, malicious behaviour profiling and proactive security assessments.
SIEM Processes, Features & Functions
Security & Event Auditing
Anomaly Detection
Anti-malware and evasion
Audit Logs – What to collect from where
Telemetry behaviour patterns
Threat Detection
Intruder behaviour
Insider threat hunting
Common methods of attack
Advanced threats
Security Assessments
Vulnerability management
Social engineering and ethical phishing
Insider threat assessment
Red teams
Module 5 – Response and Recovery
This module helps delegates understand the capabilities to minimise the impacts of a cyber security incident on the delivery of essential services including the restoration of those services where necessary.
This module covers the following NIS Principles:
D1 Response and Recovery Planning
D2 Lessons Learned
Learning outcomes
Delegates will learn about best practice incident management processes for IT & OT systems and services, how to prepare and review incident response plans for critical services and dependent systems (including within the supply chain), and crisis management, communication and incident recovery planning preparedness and exercises.
Indicators of attack & compromise
Incident response vs business continuity
Resilience
Incident response plans
Incident response within the supply chain
Post incident recovery (crisis and communications)
Lessons learned & root cause reporting