The new EU Directive on the Security of Network and Information Systems (NIS 2) significantly raises the bar for cybersecurity across the EU. With its transposition into Slovenian law through the new Information Security Act (ZInfV-1), organizations face stricter obligations, broader oversight, and higher penalties for non-compliance.

This course provides a comprehensive overview of the NIS 2 Directive, its implications for essential and important entities, and the practical steps organizations must take to ensure compliance. Through expert-led sessions, participants will gain clarity on legal requirements, risk management strategies, and best practices for implementing robust cybersecurity measures.

Whether you're responsible for information security, risk management, or regulatory compliance, this course will help you prepare your organization for the challenges and responsibilities introduced by NIS 2.

Target Audience:

• Directors and executive managers
• Information security officers (CISOs)
• Risk managers and compliance officers
• Process owners and IT administrators
• Internal and external auditors
• Legal and regulatory professionals in critical sectors

In this course you will learn:

• Understand the purpose and scope of the NIS 2 Directive and the updated ZInfV-1 legislation
• Identify which organizations are considered essential or important entities under the directive
• Learn how NIS 2 will impact your organization’s cybersecurity obligations
• Explore key compliance activities and technical, operational, and organizational measures
• Gain insights into incident response, reporting duties, and supervisory enforcement
• Discover practical recommendations and examples of good practices for implementation

Course Overview:

The new Information Security Act (ZInfV-1), which transposes the EU NIS 2 Directive into Slovenian law, introduces a comprehensive and binding cybersecurity framework for a wide range of public and private sector organizations. This course is designed to help decision-makers and key personnel understand their new legal obligations and prepare their organizations for compliance.

Participants will gain a clear understanding of:

• Who qualifies as an essential or important entity under the law and what that means in practice.
• Governance responsibilities of directors and senior management, including mandatory training and oversight of cybersecurity measures.
• Risk management obligations, including the implementation of technical, operational, and organizational controls.
• Security documentation requirements, such as policies, continuity plans, incident response protocols, and risk assessments.
• Incident reporting duties, including timelines, procedures, and coordination with CSIRTs and national authorities.
• Supervisory and enforcement mechanisms, including inspections, audits, and potential penalties for non-compliance.
• Sector-specific expectations, especially for critical infrastructure, digital service providers, and public administration bodies.
• The course will also cover practical steps for implementing a compliant cybersecurity management system, aligning with the latest European standards and best practices.

There are no prerequisites for this course.

This course offers no formal certification