Now it's getting specific: What you really need to know as a company
The NIS2 Directive is about to be implemented: the Bundestag has given its approval—and by Christmas at the latest, it will symbolically be „under the tree.“.
For you and your company, this means: Now it's getting serious.
In my webinar on December 10, 2025, at 10 a.m. you will receive clear guidance on the three key topics:
- NIS2 basics: What the directive means for your company – and how to get started pragmatically
- Management training courses: Why they are mandatory and how they bring real added value
- Attack detection systems (SzA): What is „appropriate“ – and how to find the right solution
The core topics in detail
1. NIS2 basics – What you need to know now
NIS2 affects far more than just the IT department.
The guideline requires you to:
- Control by company management
- structured risk and security management
- clear responsibilities
- controlled supply chains
- documented processes and measures
You must be able to demonstrate that you are aware of risks, assess them, and deal with them appropriately—and that your protective measures are commensurate with the need for protection.
A ISMS provides a solid foundation for this.
In the webinar, I will clarify whether you absolutely need your own ISMS software for this—or whether you can start more pragmatically.
2. Management training—both an obligation and an opportunity
NIS2 mandates training for management.
The BSI recommends at least four hours—and for good reason.
As management, you must understand:
- What risks you are responsible for
- What reporting requirements apply?
- What liability arises?
- How you manage risk
These training courses are much more than just a mandatory event.
They create clarity, increase decision-making ability, and strengthen the security level of your entire company.
In the webinar, I will show you what such training courses can look like and what added value they bring.
3. Intrusion detection systems (IDS) – What is „appropriate“?
NIS2 requires the reporting of security incidents—for this, you need SzA.
But does that automatically mean a complete SOC?
No.
The right solution depends on:
- your risk
- the criticality of your processes
- your IT structure
For some companies, a hardened logging and monitoring approach.
Others require MDR/XDR services or a 24/7 monitoring.
The goal is not maximum technology—but rather maximum effectiveness at reasonable cost.
In the webinar, you will receive specific examples and decision-making logic.
Webinar: NIS2 – Clear guidance instead of uncertainty
I'll give you a concise, easy-to-understand overview:
- What NIS2 really requires
- What you should tackle immediately
- How to get started in a meaningful way
- What really matters in practice
From the perspective of a CISM, ISMS consultant and BCM practitioners.
If you haven't tackled NIS2 yet, you'll receive clear guidance.
If you have already started, you will receive valuable inspiration for your next steps.
