CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionCompliance
NIS2 Directive
EU directive on the security of network and information systems — revised version.
The NIS2 Directive (2022/2555) significantly expands the scope of NIS1. It covers 18 sectors (energy, transport, banking, healthcare, water, digital infrastructure, etc.) and imposes cybersecurity, incident reporting, and governance obligations. Member states had to transpose it by October 2024. It applies to essential entities (EE) and important entities (IE). Senior management is personally liable for NIS2 compliance — a major new feature compared to NIS1.
📌 Key points
- 18 sectors covered — scope 4× broader than NIS1
- Essential entities (EE) vs important entities (IE) — differentiated obligations
- Personal liability of senior management in case of non-compliance
- Incident notification: 24h (early warning) and 72h (intermediate report)
- Late national transposition in several member states — verify local law
Related certifications
These certifications cover the concept of "NIS2 Directive" in depth.
CRMA· IIA
Certification in Risk Management Assurance (IIA)
IIA’s CRMA specialises audit on risk management (ERM, COSO ERM 2017, Three Lines Model). Single 10-week exam path.
🔗 Related concepts
ComplianceComplianceFrameworksFrameworksFrameworks
DORA Regulation
Digital Operational Resilience Act — EU regulation on digital operational resilience.
GDPR
General Data Protection Regulation — the European framework for personal data protection.
ISO 27001
The international standard for Information Security Management Systems (ISMS).
NIST CSF
NIST Cybersecurity Framework — the US reference for managing cyber risks.
GRC Platform
Integrated software to manage Governance, Risk, and Compliance in one place.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.