Cybersecurity Policies and Practices in the EU – for non-IT Experts
This training focuses on the policy aspects of cybersecurity, covering cybersecurity standards in the EU, how to adopt them and put them into practice.
This unique programme brings together the experience of cybersecurity, security, EU policy and public administration experts to provide a practical understanding of the challenges related to designing and implementing cyber-proof policies within organisations and sectors.
It covers the current challenges related to non-technical aspects and offers guidelines to make Data Officers aware of their responsibilities and of the measures they can implement. The interplay between cybersecurity and AI will also be part of the discussion and the learning process.
The training is designed specifically for non-IT professionals, with the objective of providing participants with the knowledge and skill set necessary to deal confidently with cybersecurity measures within their sectors and organisations.
Over the past decades, the internet and information and communication technologies (ICTs) have had a profound impact on our daily lives, becoming an integral part of our institutional and social fabric. The supply of critical services across many sectors, including emergency and security services, health, water and food, energy and electricity, banking and finance, commerce, transportation, communications and education is now heavily reliant on ICTs. Our reliance on the internet and digital technologies makes us more vulnerable to new threats, including cybersecurity attacks. These threats put the provision of critical services, as well as the EU’s economies, at risk and ultimately compromise the security and fundamental rights of EU citizens.
Breaches of information security are a major threat to the functioning of our society, jeopardising public services, businesses and the economy. Under the EU regulatory framework (e.g. GDPR, NIS2, Cyber Resilience Act, DORA) our cybersecurity risks need to be evaluated. Security controls need to be implemented in the information systems of our infrastructures where all procedures, personal data, people and objects are stored and exchanged in a secure manner. To plan and implement efficient security policies and to comply with the EU regulations, public authorities, organisations and professionals need to raise their cybersecurity awareness and fully develop the necessary skills. Professionals need to be aware of the various cybersecurity standards (e.g. ISO 27001, ISO 27005, ISO 28000, ISO 15408) and procedures that can help them to become compliant with the EU regulations and protect their daily work, organisation and sector.
In this course you will learn about:
- cybersecurity: fundamental concepts and knowledge;
- legal and policy aspects of cybersecurity in the EU: EU directives, guidelines, regulations, initiatives;
- assessing cybersecurity risks: identifying threats, vulnerabilities and impact, in various critical sectors including emergency, health, water and food, energy and electricity, banking and finance, commerce, transportation, communications and education;
- cybersecurity management and governance: bodies involved, processes and policies to manage cyber risks;
- crisis communication, business continuity and disaster recovery planning;
- prevention: the components of comprehensive cybersecurity policies;
- formulating policies to strengthen cybersecurity resilience: how do I design policy measures to make my sector or organisation cyber resilient?
Course methodology
Our online training programmes are delivered with input from our online pedagogy specialists, to provide you with a high-quality and effective educational experience.
In this online training, we adopt a comprehensive approach combining an in-depth overview of the legislative and policy considerations to be taken into account when formulating cyber-resilient measures, and practical training.
Module 1 focuses on the regulatory cybersecurity framework and ecosystem. It covers the legal and policy dimension of cybersecurity in Europe, providing you with an in-depth overview of the fundamental concepts in cybersecurity so that you can understand the relevant EU directives, guidelines and regulations and how to implement them within a cybersecurity framework.
Module 2 will offer you practical training on how to design and implement cybersecurity policies and practices to protect your daily work, organisation and sector.
This course will help you to further your understanding of EU cybersecurity policies and practices, in addition to providing you with excellent practical knowledge and hands-on training regarding cybersecurity vulnerabilities, threats, prevention and policies.
All the sessions of this course are live streamed, through a secure connection, to facilitate real-time interaction with our experts and other participants.
We will provide practical guidelines and use case studies, good practices and hands-on simulation exercises to allow you to understand, design, adopt and implement good cybersecurity measures in your work, organisation and sector.
After this training, you will be able to use all the materials and case studies for your work.
At the end of the course, you will receive a certificate of attendance.
Recent reports warn us about cybersecurity skills gaps among non-IT experts across all sectors in the EU, including public officials, lawyers, administrative staff, healthcare professionals and database managers.
The course is relevant for public officials, legal practitioners, database managers and professionals in the private sector. Whether you are a policymaker, interested in incorporating cyber resilience in your policies, or a professional who wants to make their work and organisation safer, this training is designed for you.
Project number: 2411507
Online Course
For this online course we make use of Zoom.
Senior Project Officer
Ms Eveline Hermens
Tel: +31 43 3296259
e.hermens@eipa.eu
Discounts
EIPA member fee
EIPA offers a discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.
Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden.
For all other participants, the regular fee applies.
Early bird discount
The early bird discount is not cumulative with other discounts or promo codes, except for the EIPA member fee.
Loyalty coupon
As a token of appreciation we offer all our participants a loyalty coupon for one of our future courses. The offer can be shared with colleagues and relevant networks. The coupon will expire one year after its release. This discount is not cumulative with other discounts, except for the EIPA member fee.
Confirmation
Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.
Payment
Prior payment is a condition for participation.
Cancellation policy
For administrative reasons you will be charged € 50 for cancellations received within 7 days before the activity begins. There is no charge for qualified substitute participants.
EIPA reserves the right to cancel the activity up to 1 week before the starting date. In that case, registration fees received will be fully reimbursed.
A few days before the start of the course you will receive the log-in details for accessing the course materials.
Programme
Module 1: The issue of cybersecurity – European challenges and standards | |
09.45 | Welcome and introduction to the online seminar Florina Pop, Senior Expert/Data Protection Expert, EIPA, Maastricht (NL) |
10.00 | The EU cybersecurity threat landscape |
10.45 | Break |
11.00 | The EU regulatory cybersecurity frameworks: NIS2, GDPR, Cyber Resilience Act, Cybersecurity Certification Act, DORA Boryana Hristova, Team Leader – NIS Team, European Commission, DG Communications Networks, Content and Technology, Cybersecurity and Digital Privacy (BE) (TBC) |
11.45 | Q&A |
12.00 | The EU cybersecurity ecosystem Basic definitions and concepts; EU cybersecurity stakeholders (e.g. ENISA, CSIRT network, NIS Cooperation Group, EU cybersecurity agencies, the European Cybersecurity Competence Centre, European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism to create a better cyber defence method) Clarissa Cecchi, Cybersecurity Officer EEAS (BE) (TBC) |
13.00 | Q&A |
13.15 | Lunch break |
14.00 | Developing and implementing a cybersecurity framework (including case study) Risk management, governance and policies. How to conduct a risk assessment and the role of cybersecurity policies within organisations. An overview of standards and frameworks you can use, e.g. ISO 27001, NIST etc. Brian Honan |
15.30 | Q&A |
15.45 | Concluding remarks |
16.00 | End of Module 1 |
Module 2: Cybersecurity in practice | |
9.00 | Non-technical challenges – People: the weakest cybersecurity and privacy link (including practical scenario) The relations between human activity, cybersecurity and privacy will be explored. Examples of breaches related to human actions will be presented, in particular intentional and unintentional cybersecurity threats and attacks and their impact on organisations. Brian Honan |
10.00 | Break |
10.15 | Master Class: I am a Data Protection officer: what are my responsibilities? Florina Pop |
11.15 | Q&A |
11.30 | Cybersecurity Incident Handling Incidents can disrupt an organisation, businesses and supply chains; business continuity plans and disaster recovery plans will ensure that organisations can respond and continue their operations. Examples from governmental disruptions. Karolina Kozłowska, Cybersecurity Expert, ENISA (TBC) |
12.15 | Q&A |
12.30 | Lunch break |
13.30 | Cybersecurity and AI Philipp Amann, Group CISO Österreichische Post AG (TBC) |
14.15 | Q&A |
14.30 | Break |
14.45 | Private and Public Partnerships in Cybersecurity How do public sector entities collaborate with private companies to enhance cybersecurity? Muyiwa Olufon, Senior Director, Global Information Security, Nike Inc. (NL) (TBC) |
15.45 | Concluding Remarks |
16.00 | End of Module 2 and the course |