Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

All you need to know about the new NIS2 Directive

The new NIS2 directive that went into force on January 2023 is going to impact a wide array of organisations as national governments strive to create national legislation by October 17th of 2024. SANS and our instructors have created this hub to serve as a source of information on all you need to know about this new directive as well as resources, infographics, checklists you can use to help prepare yourself and your organisation for this new NIS2 directive.

Discover SANS SolutionsSpeak to an Advisor
DORA

Navigating DORA and NIS2 Compliance for Financial Sector Organisations in the EU

Catch-up on this Q&A webcast session with SANS’ Brian Correia and ENISA’s Senior Cyber Policy Expert, Jurgita Skritaitė which took place on 13th May 2025. In this session we covered:

  • Who falls within scope (including global providers)
  • Key deadlines, enforcement, and jurisdictional reach
  • Practical steps to support operational resilience and third-party compliance
WatchRead Summary
Person watching webcast on screen

NIS2 Directive Awareness and Readiness Report: a SANS Survey

SANS recently conducted a survey on global organisations' awareness and preparedness for implementing measures as a result of the new EU regulation NIS2. Our newly released white paper not only highlights findings on organizational readiness and awareness, but also offers insights into modern threat capabilities and provides actionable recommendations for effective compliance strategies and training requirements. We also hosted a webinar on October 28th during which co-author Bojan Zdrnja took viewers through the report findings and SANS recommendations.

Download ReportWatch the Webinar
Person looking at resources on an iPad

Difference between NIS & NIS2

The NIS Directive, adopted in 2016, was the first EU-wide legislation on cybersecurity. Its main goal was to establish a common level of security for network and information systems across the European Union. The NIS2 Directive is an updated and more comprehensive version of the NIS Directive, aiming to address the shortcomings of the original legislation and to adapt to the evolving digital landscape. We’ve listed the most important differences between these two directives in a useful infographic.

Click to view full infographic
Person reading poster

Am I considered essential or important under NIS2?

Industries & Entities considered essentialIndustries & Entities considered important
Energy Digital providers
Transport Postal and courier services
Banking Waste management
Financial market infrastructure Food
Healthcare Chemicals
Drinking water Research
Digital infrastructure Manufacturing
Managers of ICT services
Wastewater
Government services
Aerospace

Essential entities:

  • are large organisations operating in a sector listed in the left column above

Important entities:

  • are medium-sized organisations operating in a sector listed in the left column above and medium and large organisations operating in an industry listed in the right colum above.

An organisation is large based on the following criteria:

  • a minimum of 250 employees or;
  • an annual turnover of €50 million or more and a balance sheet total of €43 million or more.

An organisation is medium-sized based on the following criteria:

  • 50 or more employees or;
  • an annual turnover and balance sheet total of €10 million or more.

Mapping Your Path Using The ECSF And NIS2

The European Cybersecurity Skills Framework (ECSF) is a practical tool to support the identification and articulation of tasks, competencies, skills and knowledge associated with the roles of European cybersecurity professionals. To enable you to see which skills are required for these roles and what courses and exercises might help you obtain these skills, we have created an easy-to-use mapping tool for you to discover your potential next training opportunity.

View The Mapping ToolLearn More About The ECSF
DORA

What You Need to Know about the NIS2 Directive: Part of the SANS Compliance Countdown Series

Join ENISA, the European Union’s Agency for Cybersecurity, to learn how to prepare for NIS2 incident reporting and security measure requirements, what it means for organizations doing business in the EU, and the skills needed for compliance across critical sectors.

Part A - General introduction to the NIS2

• Main pillars of the NIS2 Directive

• Requirements for companies in critical sectors

• NIS2 Incident reporting and security measures

Part B - Cybersecurity skills for the NIS2

• ENISA cybersecurity skills framework

• Mapping skills to the NIS2

Marnix Dekker, Head of Sector NIS answers your questions to make sure you are as best prepared as possible to comply with the new requirements by October 17th, 2024.

DORA
Empowering Cybersecurity Excellence: Certifications as the Keystone of NIS2 ComplianceBeyond Compliance: Leveraging NIS2 for Enhanced Cyber Resilience and Leadership AccountabilityNIS2: Transforming SOC Challenges Into OpportunitiesThe NIS2 Mandate: What Every Organization Needs to Know

From the Experts

These new regulations reinforce a crucial tenet that we at the SANS Institute have long embraced: effective cybersecurity starts with skilled people first.
John Pescatore

How can SANS help prepare for NIS2?

SANS offers a variety of solutions that will help you prepare and comply with this new directive. Ranging from skill and risk assessments to cross-company security awareness training or individual role-based training and certification, we have a solution for your challenges.

Training & Certification

SANS Training and GIAC Certifications helps organisations develop and validate the required capabilities needed to comply to NIS2

Discover More

Skill & Risk Assessment

Gauge your organisation’s understanding of how to prevent cyber security attacks and provide better evidence of the effectiveness of your security awareness program.

Discover More

Security Awareness

Culturally relevant, effective, and easy to implement, SANS’ EndUser Training solutions help build a truly mature security awareness program and security posture.

Discover More

Role-Based Training

Each role requires a very specific skill-set. SANS offers industry-leading training for each role within your cybersecurity team.

Discover More

Executive Cyber Exercises

Presented in an immersive, interactive environment, stakeholders must enact each step in their crisis management plan in response to a simulated cyberattack. Program participants practice and prepare for a real-life cyber event.

Discover More

In-Depth Critical Infrastructure Exercises

In collaboration with our expert Faculty members, SANS is able to set-up in-depth exercises tailored to your industry and/or situation to help you prepare for NIS2 whether you operate within critical infrastructure, government, or other sectors.

Discover More

Elevating Cybersecurity: The SANS-ISS Partnership and the Future of Cyber Resilience

In this case study, explore how ISS, a global facility services provider, collaborates with SANS to enhance its cybersecurity capabilities across 28 countries. The video delves into the challenges of unifying diverse IT and security departments and highlights the critical role of ongoing training to adapt to rapid technological and criminal developments. Through firsthand accounts, learn about the implementation of the SANS maturity model, the strategic benefits of SANS training programs, and how ISS is leveraging this partnership to boost corporate resilience and attract top talent in cybersecurity. Discover the pivotal role of human factors in cybersecurity and how ISS is strengthening its defenses not just technologically, but also through skilled and certified personnel.

Secure Compliance Globally

NIS2 is just one of many recent regulations that will have global repercussions. The recent US SEC ruling on Incident Reporting and Management oversight and the DOD 8140.3 ruling, all have implications for organisations and government instances on a global level.

Person looking at resources on an iPad

Speak to a SANS advisor

We would like to ask you to fill out your details below and one of our SANS advisors will reach out to you directly. Feel free to provide further detail on your questions in the “Message” box as this will help the advisor better tend to your questions.