This course provides an in-depth overview of the NIS2 Directive, clarifying the legal and organizational obligations for companies operating in critical areas. The required responsibilities, compliance criteria, and governance and security implications of OT and information systems will be analyzed.

One of the key aspects is the integration between the regulatory requirements of NIS2 and major international technical standards. The course guides participants in creating synergies between the directive and frameworks such as ISO/SAE 21434 (automotive security) and IEC 62443 (cybersecurity for industrial systems) to ensure a consistent and integrated approach to security.

Participants will learn how to use risk assessment methodologies specific to OT/embedded environments, such as Threat Analysis and Risk Assessment (TARA). The goal is to operationalize risk management by identifying vulnerabilities and threats and defining effective mitigation measures.

Security cannot be a late addition-it must be an integral part of the design. This course shows how NIS2 can become a lever for introducing security-by-design criteria, helping to develop architectures and solutions that are secure early in the system life cycle.

Effective cybersecurity governance requires tools for monitoring, tracking and control. This course addresses practices and organizational models to ensure continuous security oversight, in line with NIS2 requirements, fostering incident response readiness and operational resilience.