Cybersecurity Governance Essentials

This summer school provides essential guidance to help you understand these obligations and build a strong foundation in cybersecurity governance. The Network and Information Security Directive 2 (NIS2) sets a firm expectation for EU Member States to strengthen their cybersecurity frameworks. External stakeholders for this exercise include organisations that need to understand compliance and other cybersecurity governance frameworks and regulations including  e.g. The Irish National Cyber Security Centre (NCSC) and Cyber Ireland, the EI funded Cyber industry cluster. 

The Cybersecurity Governance Essentials 2025-2026 summer school, hosted by the TUS and colead by IPCA and HAMK, is an opportunity for you to master the fundamentals of cybersecurity governance in just one week. 

The Network and Information Security Directive 2 (NIS2) sets a firm expectation for EU Member States to strengthen their cybersecurity frameworks. Under Article 41, countries were required to implement their national laws to comply with the directive by 17 October 2024 and to apply them from 18 October 2024. While the directive aims to bring greater consistency and resilience across the EU, several Member States have missed the implementation deadline—highlighting both the urgency and the ongoing challenges of effective cybersecurity governance. 

This intensive summer school programme will equip you with practical skills to navigate risk management, compliance, policy development, and organisational security strategy. The course blends lectures, case studies, and hands-on exercises to build a solid foundation in governance frameworks and recent regulations (e.g. NIS2, DORA, CRA). Ideal for those entering or advancing in cybersecurity roles, legal, or IT management and Frameworks NIST2, MITRE, Cyber Killchain.

Guided by current and soon to be implemented European union regulations for cybersecurity governance such as NIS2, DORA, CRA, the aim of the programme is to give the learner the ability to: 

  • Identify policies relevant to each Country / Organisation
  • Recognise standards, frameworks that map to the policies
  • Explore National regulations and laws
  • Explore organisation policies
  • Apply Correct Standards/Best practices to achieve Compliance
Date:

15th of June 2026 to 19th of June 2026

Language of instruction:

English

1 ECTS credit
Academic recognition:

Academic recognition may be granted at the home institution according to local regulations.

Eligible participants:

Business or Technology program undergraduates or postgraduates of RUN-EU member institutions who have a general interest in Cybersecurity and/or a particular interest in Cybersecurity risk and governance. 

How to apply:

Application for this product is not yet possible.

Proposed application opening date: 27th of February 2026

Programme at a glance

Face-to-face Week (in person)
15 Jun - 19 Jun 2026 :
TUS Athlone Ireland
MONDAY
09:00 – 09:30: Check-in
09:30 – 10:00: Welcome and Ice Breaking
10:30 – 13:00: Launching the Challenges with Coffee break
13:00 – 14:00: Lunch Break
14:30 – 16:00: Lecture1: Applicable Legislation for Cybersecurity
16:30 – 17:00: Cultural Activity

TUESDAY
09:00 – 13:00: Lecture2 CIS, COBIT, ISO/IEC, NIST Frameworks with Coffee break
13:00 – 14:00: Lunch Break
14:00 – 15:00: Shared experiences from Industry
15:00 – 16:30: Workshop 1 – How to use these frameworks

WEDNESDAY
09:00 – 13:00: Lecture3: Cybersecurity Audit and Monitoring with Coffee break
13:00 – 14:00: Lunch Break
14:00 – 16:00: Group Work - Audit and Monitoring
16:30 – 22:00: Cultural Programme and Dinner

THURSDAY
09:00 – 11:00: Lecture4: Information Security Policy (ISP)
11:30 – 13:00: Security Plan
13:00 – 14:00: Lunch Break
14:00 – 15:30: Group Work

FRIDAY
09:00 – 13:00: Presentation of Results with Coffee break
13:00 – 14:00: Lunch Break
14:00 – Departure

Learning outcomes

By the end of this Learner Exchange School, learners will be able to:

Identify Cyber Security Frameworks

  • By the end of this section, learners will be able to understand and explore how each cyber security framework structures the identification, analysis and mitigation of cyber threats and how they compliment real-world defence strategies.
  • Specifically, learners will gain foundational knowledge in a number of cyber security 

Explore National Regulations and Laws

  • By the end of this section, learners will be able to analyse the main national and European laws and regulations that impose mandatory cybersecurity and resilience requirements on critical sectors.
  • Learners will also be able to assess an organisation's current cybersecurity posture against that laws and regulation, identifying compliance gaps for mitigation planning.

Explore Cyber Security Compliance Regulations and Policies

  • By the end of this section, learners will be able to understand and compare key cyber security compliance regulations and policies that govern the protection of data, digital services and critical infrastructure across multiple sectors including finance and health.
  • Specifically learners will gain foundational knowledge of several regulations such as NIST SP-800-53, GDPR (General Data Protection Regulation), NIS2 Directive(2023), EU Cyber Resilience Act (CRA) etc.

Apply Correct Standards/Best practices to achieve Compliance

  • Learners will develop the ability to select and implement specific security controls and best practices (technical and procedural) derived from standards to address identified risks.
  • Specifically, learners will structure a practical action plan that ensures regulatory compliance and demonstrates due diligence through the consistent and auditable application of security standards.

Selection criteria

Selection will be based on: compliance to the prerequisites; order of submission; wide representation of fields of study and balanced participation of RUN-EU member institutions. 

Involved organisations and persons

Häme University of Applied Sciences

Partner Organisation
  • Ernesto Hernandez (Instructor)

Polytechnic University of Cávado and Ave

Partner Organisation
  • Paulo Teixeira (Instructor)

Technological University of the Shannon

Lead Organisation
  • Mary Pidgeon (Lead Instructor)
  • Nandini Sharma (Regional Stakeholder)
  • Sharon Gurry (Instructor)
Product label: LEX-CYBSECGV-01

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Education and Culture Executive Agency (EACEA). Neither the European Union nor EACEA can be held responsible for them. Grant Agreement Number: 101124674