The fast lane to sustainable awareness
NIS-2 training
2.000+ customers trust in our compliance training – from startups to large corporations
Targeted Training on NIS-2
NIS-2 affects all areas of an organization. Train these areas to implement NIS-2 effectively:
- How does company-wide security work today? What does it mean to be "resilient"?
- What does NIS-2 require — and why does it make perfect sense?
- What is my role as a manager or employee?
In 20 minutes you can teach all the essential content. With individual learning paths
Operational resilience
Operational resilience
- Without any legal requirements: how does company-wide security work today? How can an organization become “digitally resilient”?
- A triad of information security management, business continuity management and third-party risk management.
- Not just for cyber risks, but for all risks that can disrupt the organization's operations.
Key messages:
- Security and digital resilience are not an “IT thing”, but run through all areas of the business.
- Risk management is the be-all and end-all, not only in your own organization, but also along the value chain.
- Despite comprehensive measures, disruptions can always occur, and you have to be prepared for that too.
A glimpse into our e-learning:
The NIS-2 directive
The NIS-2 directive
What does NIS 2 require from affected companies?
- Risk management not only within your own organization but also across the supply chain.
- NIS 2 makes international security standards (ISO 27001, TISAX, etc.) a legal requirement for affected companies.
Key messages:
- NIS 2 is not "just another IT law" but enforces the implementation of international security standards (ISO 27001, TISAX, etc.) in affected companies.
- Companies already following such a standard have most of the requirements in place.
A glimpse into our e-learning:
My responsibilities
My responsibilities
The training differentiates between managers and employees, as they have different roles in implementing NIS 2.
- Managers are responsible for their departments, act as information owners, and serve as role models for their teams.
- Security teams can provide support, but assessing risks in business processes (e.g.,
Business Impact AnalysisBIA ,Risk Impact AssessmentRIA ) can only succeed with the involvement of the respective departments. - Responsibility for implementation does not lie with security or IT but with senior management—and consequently, with every manager.
Key messages (for managers):
- It’s about your information and your responsibility. And it’s about protecting the company from existential threats.
- Support the implementation by allocating time and resources.
- Ensure that everyone in your area understands why this is important.
Prices? Demo? Consultation?
NIS-2 Senior Management Training
Why e-learning won't work.
Management is responsible not only by law, but also in practice. And although we are convinced that our e-learning courses are the best available, we do not offer “NIS-2 Senior Management E-Learning.” Why?
- The senior management of a company is a very small and exclusive circle, usually consisting of 2-7 people. Creating an e-learning course is not cost-effective in this case.
- In our view, this target group is also not suitable for e-learning. The C-level of a company cannot simply be fed information from a lecture, but asks very active questions:
- How far along are we with implementation?
- Have we done this and that?
- How do you assess the risk situation in our company?
- What do we need to do to become NIS 2 compliant?
All these questions can only be answered individually by the respective CISO, not by e-learning and not by an external consultant. That is why we have been recommending to our customers since the beginning of 2025 that they train employees and managers via our general e-learning and train the exclusive circle of senior management personally by the CISO.
In October 2025, the BSI confirmed our view in its guide to executive training under point 1.3:
It is important that not only abstract knowledge is imparted, but that this knowledge always takes into account the individual circumstances of the institution for which the management is responsible. External training providers in particular must take these institution-specific aspects into account, which may mean greater effort. A model in which general content from external providers or service providers is supplemented by specific content taught by internal cybersecurity experts may therefore be useful.
We can offer individual coaching for the CISO or help run in-person training in tandem.
Our information security experts can also support you in establishing an ISMS in accordance with NIS-2.
Complete platform
For mid-sized companies, the NIS 2 training is included in our IS-FOX Awareness Platform. Simply choose licenses, invite participants—done! The rest is fully automated: invitations, reminders, and tracking. That’s how training works today.
Or customized to your needs
Do you have your own Learning Management System (LMS) or require customizations? No problem! Our courses are designed for efficient customization and can quickly become your course—with your contacts, reporting channels, specific requirements… and your logo.
Other courses that might interest you