In the context of Directive (EU) 2022/2555 (NIS 2), the NIS 2 Executive Governance for Management Bodies course enables Boards and Senior Management to address cybersecurity governance, supervision and legal responsibility, aligned with the national framework.
Upcoming dates
Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.
Live Online • next edition
Language: available in Portuguese or English
Training: executive, decision-oriented
Exam: 15 min
EXCELLENCE & LEADERSHIP LEVEL — technical authority and leadership in governance.
Why this course exists
To enable management bodies to address the governance and legal responsibility introduced by NIS 2.
Directive (EU) 2022/2555 (NIS 2) has profoundly changed the European cybersecurity model, shifting the focus from technical execution to governance, responsibility and supervision at the highest level of organisations.
This course exists to support Management Bodies, Boards and Senior Management in understanding their legal and institutional responsibilities and the Legal Framework for Cybersecurity, and in making informed decisions on governance, risk management and incident response, aligned with the expectations of the national regulator.
What this course enables you to do
Understand
Understand the responsibilities introduced by NIS 2 at top management level and their impact on the organisation.
Frame
Frame cybersecurity as a governance and organisational risk topic, with accountability at the highest level.
Decide
Make informed decisions on priorities, resources and supervision mechanisms in cybersecurity.
Supervise
Interact effectively with technical, legal and compliance functions, ensuring governance and institutional diligence.
Frameworks, standards and best practices addressed throughout the course
Legal Framework for Cybersecurity — national transposition
National regulator guidance and roadmap — CNCS
Cybersecurity governance
Organisational risk management
Board supervision and diligence
Incident notification — 24h / 72h / final report
Operational resilience — executive principles
NCRF — National Cybersecurity Reference Framework, where applicable
Institutional good practices for supervision
Value for the organisation
- Strengthens governance and accountability at Management Body level.
- Improves supervision and strategic decision-making capability in cybersecurity.
- Reduces the risk of legal and sanction-related non-compliance, through a clearer understanding of obligations and responsibilities.
- Aligns with the expectations of the regulator and institutional good practices for cybersecurity governance.
- Provides evidence of diligence and capacity-building by top management, supported by final assessment and Behaviour® certification.
Introduction
The NIS 2 Executive Governance for Management Bodies course is executive training aimed at Boards and Senior Management, focused on the responsibilities introduced by Directive (EU) 2022/2555 (NIS 2) and their application within the national legal framework.
The training adopts an approach oriented towards governance, supervision and decision-making at top management level, aligned with the expectations of the national regulator and institutional good practices in cybersecurity. It is not a technical or implementation course, but training in institutional leadership and responsibility at the highest level.
The training includes final assessment and Behaviour® certification, as evidence of executive capacity-building in cybersecurity governance.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
At the end of this course, participants will be able to:
- Understand the legal framework of Directive (EU) 2022/2555 (NIS 2) and its application within the national legislation in force.
- Identify the concrete obligations of Boards and Directors under the Legal Framework for Cybersecurity.
- Recognise the legal, financial and reputational risks associated with non-compliance with NIS 2 obligations.
- Interpret the cybersecurity governance model required by the national regulator, namely the National Cybersecurity Centre.
- Make informed decisions on priorities, resource allocation and cybersecurity supervision at top management level.
Target Audience
- Members of Management and Administrative Bodies.
- Directors of functional areas, including IT, Operations, Legal, HR and Finance, among others.
- Professionals with management and supervision responsibilities (first line of defence).
Prerequisites
There are no mandatory formal prerequisites. However, professional experience in management, direction or supervision roles is recommended, as well as prior exposure to regulated organisational contexts.
In addition, other specific requirements may apply, where relevant, depending on the quotation or proposal presented. Please consult the applicable proposal.
Programme
Opening and strategic context
- Framework of NIS 2 and its impact on governance
- From technical cybersecurity to top management responsibility
- Regulator expectations regarding Management Bodies
Regulatory evolution and NIS 2
- Evolution from the NIS Directive to NIS 2
- Relationship with other European frameworks, including DORA, CER and CRA
- Strengthening the role of the Board in cybersecurity governance
- Operational resilience from an executive perspective
Scope of application and qualification
- Essential entities, important entities and relevant public entities
- Qualification criteria and regulatory framework
- Practical implications for the organisation
- Relationship with the national regulator
Responsibilities of Management Bodies
- Non-delegable obligations of the Board
- Approval, supervision and monitoring of cybersecurity measures
- Training, organisational culture and individual responsibility
- Legal, financial and reputational impacts of non-compliance
Cybersecurity risk management system
- Risk governance model required by the regulator
- Proportional and risk-based approach
- Supply chain and third-party risk
- Role of the Board in risk supervision
Incidents, notification and supervision
- Concept of significant incident
- Notification obligations and legal deadlines
- Relationship with competent authorities
- Supervision and enforcement powers
Penalty regime and organisational impact
- Fines and application criteria
- Ancillary sanctions and corrective measures
- Reputational impact and governance effects
- Certification as evidence of Board diligence
Exam(s) and Certification
Exam “NIS 2 Executive Governance Certification”
The exam assesses the knowledge acquired throughout the training, focusing on governance, Board responsibility and supervision in the NIS 2 context.
- Domain 1: NIS 2 fundamentals, objectives and scope
- Domain 2: Responsibilities of Management Bodies and governance model
- Domain 3: Cybersecurity risk management and supervision
- Domain 4: Incidents, notification, penalty regime and organisational impact
Language(s): Portuguese and English.
Duration: 15 minutes.
Format: Multiple choice.
Number of questions: 10.
Pass mark: 60/100 points.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Results: Pass or Fail.
Certification
After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves the credential NIS 2 Executive Governance Certification, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.
The certification attests that the holder has acquired structured knowledge of the NIS 2 legal framework, the responsibilities of Management Bodies and Directors, and the principles of cybersecurity governance and supervision required by the Legal Framework for Cybersecurity, in alignment with the guidance of the national regulator.
The personal certification programme NIS 2 Executive Governance Certification is developed and maintained in accordance with the international standard ISO/IEC 17024.
Certification programmes are valid only for individuals, not companies, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.
If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training available in Portuguese or English.
- Online training materials available in Portuguese or English, with online access, in accordance with the awarded conditions.
- Methodology oriented towards governance, supervision and decision-making, suitable for an executive and non-technical profile.
- Behaviour digital Training Attendance Certificate with 4 CPD/CPE credits.
- Online Certification Exam, in Portuguese or English. The exam is taken at the end of the training.
- Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process. This process has no associated cost.
Trainer(s)
The trainers are consultants and auditors with experience in cybersecurity, governance, risk and regulatory compliance, with particular focus on NIS 2, cybersecurity governance and institutional frameworks in the public and private sectors.
Benefits
- Training specifically designed for Management Bodies, Boards and Senior Management, taking into account the responsibilities introduced by NIS 2.
- Approach oriented towards governance, supervision and decision-making, in line with the legal and regulatory expectations applicable to top management.
- Clear, non-technical and legally rigorous language, suitable for decision-makers and aligned with the Legal Framework for Cybersecurity.
- Alignment with the national regulator and institutional good practices for cybersecurity governance, in accordance with CNCS guidance.
- Final assessment and Behaviour® certification included, as evidence of consolidation of executive knowledge in cybersecurity governance.
Logistics
Useful information
- Live Online (synchronous time): 09:00–13:00 (Lisbon time), with one short break.
- Classroom (synchronous time): 09:00–13:00 (Lisbon time), with one short break.
- 4h of synchronous training, half-day training.
- Requirements: computer with stable internet, updated browser, PDF reader and audio/video.
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.
Frequently Asked Questions
Objective answers to the most common questions about the NIS 2 Executive Governance for Management Bodies course.
Do I need technical knowledge to participate?
No. This is executive training, oriented towards governance and responsibility. It does not require technical cybersecurity knowledge.
Does this course replace NIS 2 training for technical teams?
No. This course is aimed at Boards and Senior Management and focuses on legal responsibility, supervision and decision-making. Training for technical/operational teams should be delivered through specific pathways appropriate to their role.
What is the main focus of the session?
The focus is the non-delegable responsibility of Management Bodies, the required governance model, risk supervision and informed decision-making in the NIS 2 context.
What can I do in practice after this course?
After the course, the participant can supervise the cybersecurity programme against defined criteria, understand obligations and risks, make informed decisions and engage with technical, legal and compliance teams, ensuring institutional diligence.
What does this course not cover and when should I progress to another pathway?
This course does not cover technical implementation or project execution. Whenever the organisation needs to lead implementation and demonstrate compliance, the recommended pathway is a NIS 2 compliance/programme leadership course for GRC, Compliance or CISO roles.
How does this certification contribute to the responsibility and diligence of Management Bodies?
This certification is formal evidence of top management capacity-building in cybersecurity governance and NIS 2. It demonstrates that Management Bodies have acquired structured knowledge of their legal responsibilities, supervision model and informed decision-making, strengthening institutional diligence, without replacing compliance with applicable legal obligations.
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
This course may be attended by individual professionals. It may also be integrated into programmes aimed at management bodies and executive leadership with supervision, decision-making, risk and accountability responsibilities in the NIS 2 context.