The objective of this pilot session is to collect feedback on a
training for OES employees, developed as part of the Action
The session will take place on Tuesday, April 25, from 09:30 to 16:30, in parallel to the main conference.
A NIS Implementer is a coordinator or conductor, the contact
person, who by his/her systemic vision knows how to solicit the
experts of each element of the system to ensure compliance with the
NIS Directive in an organisation.
He/she participates in the sense of coordination and the ability to judge the completeness of a task as a whole (and not in details), he/she coordinates the implementation and does not necessarily have to be the performer of a task (role of a project manager).
He/she does not have to take the place of certain experts even though he/she can of course have operational expertise on some of the tasks concerned by the function.
The NIS Implementer has a duty of accountability that the various processes identified by the NIS Directive are well respected and applied by the various experts that it coordinates.
Need for authority in the company, and even possibly a maximum of independence.
This function can be performed by several people (except in small structures).
Description of the training
Based on a competency framework established in cooperation with experts in the field, the training offers three modules:
- Risk management
- Incident management
- Implementation of security measures
An exam, aiming to check if main concepts are understood and if the trainee can easily find information, will close the session.
- Training scheme for OES/DSP employees to comply with the requirements of the NIS Directive.
- Give useful resources.
- Based on a competency framework defining the knowledge, skills and behaviours required for a NIS Implementer.
Jocelyn AUBERT, Research & Technology Associate, Luxembourg Institute of Science and Technology (LIST)
Hervé CHOLEZ, Research & Technology Associate, Luxembourg Institute of Science and Technology (LIST)
The session will take place on Wednesday, April 26, from 11:30 to 15:15, in parallel to the main conference.
Description of the training
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people.
The MISP training will demonstrate how the platform functions; explain how to share, comment and contribute data, and describe the future developments.
The purpose of the NISDUC MISP training is to explore how MISP can be used to interact with systems of regulators and how to ease reporting towards regulators via MISP.
Alexandre Dulaunoy, Head of Computer Incident Response Center Luxembourg (CIRCL)
Gérard Wagener, Operator, Computer Incident Response Center Luxembourg (CIRCL)