SC170: NIS2, ITSiG, CRA - What should we prepare for in terms of Cybersecurity and Regulation?

Agenda:

Day 1: Cyber Regulation in Europe – where do we stand?

• 12:30 Arrival and joint lunch

• KRITIS
  • From NIS1 to NIS2
    • Who is affected?
    • What needs to be done?
    • What applies to Digital Services?
  • From ITSiG 2.0 to ITSiG 3.0 – what does the legislator plan?
  • KRITIS umbrella law

• Products
  
  • Cyber resilience act
  • Cyber security act
  • Cyber security in product regulation
    • Product liability directive – what changes?
    • Product safety directive – everything as before?
    • Machinery directive – this too!

• Criminal liability of hack-back and lessons of the day

• 18:30 Joint dinner

DAY 2: Application scenarios and case studies

• 09:00 Tooling for risk management: DriveLock in practice

• How do I develop my cyber governance?
  • Case studies
    • Case study 1: Cyber incident and crisis management
    • Case study 2: Management liability
  • Practical conclusions / action recommendations

• Plenary – initial results

• What do I change in vendor management?
  • Case studies
    • Case study 3: IT procurement and auditing
    • Case study 4: Contractual liability coverage and insurance
  • Practical conclusions / action recommendations

• Plenary – further results

• Summary

• Joint lunch / departure

Objectives:

• Understanding of regulatory changes
• Determination of corporate action needs
• Impacts on product management, compliance, and governance structures

Target audience:

• Board Members and CEOs
• Decision Makers for Cybersecurity
• Compliance Officers

Prerequisites:

•  Basic knowledge of IT security law is helpful but not mandatory

Description:

Cyber risks and resilience have now become central topics at the board and executive management level. With NIS2 and the Cyber Resilience Act (CRA), two laws are on the cheduled for 2024/2025 that will lead to significant changes across the corporate landscape. Our Noon2Noon format brings you up to date, explores application scenarios, and promotes experience exchange at the decision-maker level in a secure environment.

The European NIS2 directive expands the CRITIS and the obligation catalog for critical infrastructure operators for effective risk management. The IT Security Act will be adjusted by October 2024. The new obligations apply directly to critical infrastructure operators, who will accordingly involve their suppliers. Providers of digital services are also increasingly in the focus of regulation. The CRA extends cyber regulation to the product level. As early as 2027, products with digital elements may be required to offer security by design and vulnerability management throughout the entire lifecycle.

• What is new and what must companies prepare for in a short time?
• What additional cyber requirements arise from new rules on product liability, product safety, and the Machinery Regulation?

In our PREMIUM workshop SC170 NIS2, ITSiG, CRA - What must we prepare for in cybersecurity and regulation?, we discuss the new developments with you in an interactive format, determine action needs in concrete case studies, and enable experience exchange with experts and decision-makers.

Other Info: