When: 28/11/2024, 1:00 - 2:30 PM EET (1 hour of training and 30 min. of discussion and Q&A)
Where: Jogailos 9, Vilnius, Lithuania and ONLINE
What: Training on NIS2, DORA, and GDPR
Who: presented by Miglė Petkevičienė, ECPA co-founder and board member, and Ignas Sidaras, cybersecurity expert, certified information security auditor and Expert at Ellex
In today's increasingly interconnected digital landscape, compliance with cybersecurity regulations is no longer a mere formality; it is an essential component of business strategy and resilience.
This ECPA training session will provide an overview of the key cybersecurity regulations that European companies face: NIS2, DORA, and GDPR. We will discuss which companies are affected by each regulation, emphasize the integration of cybersecurity risk management into company operations, and outline critical compliance components such as documentation, incident reporting, and supply chain requirements. Understanding and implementing these measures not only helps companies avoid penalties but also strengthens organizational security and trust in a digitally dependent world.
This session is designed for compliance professionals looking to gain actionable insights on how to align their organizations with current and emerging cybersecurity compliance standards and build a more secure and resilient framework for their operations.
Program Outline:
1. Introduction to Cybersecurity Compliance Landscape
◦ Overview of NIS2, DORA, and GDPR.
◦ Key drivers and objectives behind each regulation.
◦ Why cybersecurity regulations are increasingly central to operational integrity and compliance in Europe.
2. Regulatory Applicability and Scope
◦ Objective: Clarify which companies and sectors are affected by each regulation.
◦ Key distinctions between NIS2, DORA, and GDPR regarding organizational size, sector, and geographical reach.
◦ Sector-specific considerations (e.g., financial sector focus in DORA vs. broader application in NIS2).
3. Integrating Cybersecurity Risk Management into Core Activities
◦ Objective: Explain the importance of embedding cybersecurity in organizational risk management processes.
◦ Overview of how each regulation promotes proactive cybersecurity risk management.
◦ Practical approaches to risk assessment, monitoring, and mitigation.
◦ Business benefits of a robust cybersecurity risk management framework beyond compliance.
4. Mandatory Cybersecurity Governance Documentation
◦ Objective: Outline documentation requirements for regulatory compliance and organizational resilience.
◦ Key governance documents required under NIS2, DORA, and GDPR (e.g., cybersecurity policies, risk assessments, data protection impact assessments).
◦ How effective documentation supports regulatory compliance and enhances security governance.
5. Incident Reporting Obligations
◦ Objective: Clarify incident reporting obligations and timelines under each regulation.
◦ Reporting timelines, thresholds, and authorities to notify for each regulation.
◦ Role of incident reporting in organizational resilience and regulatory alignment.
6. Supply Chain Cybersecurity Requirements
◦ Objective: Emphasize the importance of managing cybersecurity risks in the supply chain.
◦ Key supply chain security requirements under NIS2, DORA, and GDPR.
◦ Strategies to ensure compliance and maintain cybersecurity across third-party relationships.
Register here.