Knowledge base for security awareness, phishing and NIS2
The 2LRN4 knowledge base is built for topical authority. It includes 149 in-depth articles on phishing, employee behavior, NIS2, security awareness strategy and incidents or data breaches.
NIS2 and compliance
Acceptable use policy (AUP): what it should cover
Practical guidance on acceptable use policies (AUP) for organizations that want to improve secure behavior structurally.
AI governance and awareness in one program
Practical guidance on AI governance and awareness for organizations that want to improve secure behavior structurally.
Board reporting and awareness in the public sector
Practical guidance on board reporting and awareness in the public sector for organizations that want to improve secure behavior structurally.
Board reporting for awareness without noise
Practical guidance on board reporting for awareness for organizations that want to improve secure behavior structurally.
CIA triad versus the GDPR: integrity and confidentiality, twice
Information security uses the CIA triad; the GDPR names integrity and confidentiality as a principle. The same words, a different scope. The difference explained for your awareness programme.
Connecting breach reporting and awareness
Practical guidance on breach reporting and awareness for organizations that want to improve secure behavior structurally.
Data classification and the need-to-know principle
Not all data needs the same protection. How classification and the need-to-know principle help share the right data with the right people.
Data minimisation in practice: collect only what you need
The less data you have, the less can leak. Data minimisation explained, with practical examples for forms, email and storage.
Data protection and privacy: GDPR essentials for employees
Practical guidance on data protection, privacy and the GDPR for organizations that want to improve secure behavior structurally.
Data subject rights: access, rectification and erasure
People have rights over their own data. Which rights the GDPR grants, what a request means for you, and how to handle it correctly.
DORA for financial institutions, what awareness means
Practical guidance on DORA awareness for organizations that want to improve secure behavior structurally.
Government baseline security in Europe: meeting the awareness requirement step by step
Most European governments work to a national baseline for information security, and all of them require demonstrable awareness. This is how public bodies meet that requirement step by step, with training, repetition and audit-ready proof.
Healthcare information security awareness across European member states
Practical guidance on healthcare information security awareness in Europe for organizations that want to improve secure behavior structurally.
How do I track which employees have completed training?
Practical guidance on tracking security training completion for organizations that want to improve secure behavior structurally.
How to collect audit evidence for awareness
Practical guidance on audit evidence for awareness for organizations that want to improve secure behavior structurally.
How to write a security awareness policy
Practical guidance on security awareness policy for organizations that want to improve secure behavior structurally.
ISO 27001 awareness requirements explained
Practical guidance on ISO 27001 awareness requirements for organizations that want to improve secure behavior structurally.
ISO/IEC 27002:2022 updated: what does it mean for your security awareness programme?
ISO/IEC 27002:2022 makes awareness more explicit: demonstrable, role-based and repeated. What changed, and how to set up your programme without turning it into a tick-box exercise.
Medical personal data is highly sought after: why healthcare is a target
Medical data is often worth more than credit card data on the black market. Why healthcare is a favourite target, which legislation applies, and how employees make the difference.
NIS2 awareness checklist for organizations
Practical guidance on NIS2 awareness checklist for organizations that want to improve secure behavior structurally.
NIS2 awareness for healthcare organizations
Practical guidance on NIS2 awareness in healthcare for organizations that want to improve secure behavior structurally.
NIS2 board training obligation across European member states
Practical guidance on the NIS2 board training obligation in Europe for organizations that want to improve secure behavior structurally.
NIS2 roles and responsibilities around awareness
Practical guidance on NIS2 roles and responsibilities around awareness for organizations that want to improve secure behavior structurally.
NIS2 transposition across European member states
Practical guidance on NIS2 transposition in Europe for organizations that want to improve secure behavior structurally.
Privacy by design and by default: privacy from the start
Privacy is not arranged afterwards, but from the start. What privacy by design and by default mean, and how to apply them in projects and daily choices.
Privacy implications of AI-driven platforms
AI platforms often process large amounts of personal data. What privacy risks this brings, what the GDPR and the AI Act require, and which agreements employees need.
Recognising and preventing identity theft
In identity theft, someone uses your data to impersonate you. How it works, how to recognise it, and what to do if it happens to you.
Recognising personal data: what counts and what doesn't?
Names and addresses are not the only personal data. Learn to recognise what falls under the GDPR, including less obvious examples like IP addresses and licence plates.
Securely destroying data: paper, drives and cloud data
Deleting is not the same as destroying, and not all data may simply be thrown away. How to make paper, drives and cloud data truly unreadable, and how legal retention obligations set your timeframe.
Should security training be mandatory?
Practical guidance on whether security training should be mandatory, for organizations that want to improve secure behavior structurally.
Special category data: extra protection, extra rules
Health, religion and biometrics are special category data. Which categories exist, why they get extra protection, and how to handle them in practice.
Supplier security awareness in the supply chain
Practical guidance on supplier security awareness for organizations that want to improve secure behavior structurally.
The six legal bases for processing personal data
You cannot just process personal data: you need a legal basis. The six legal bases of the GDPR explained, with practical examples.
What happens when employees skip security training?
Practical guidance on the consequences of employees skipping security training, for organizations that want to improve secure behavior structurally.
What is NIS2 awareness?
Practical guidance on what NIS2 awareness is, for organizations that want to improve secure behavior structurally.
What is the difference between security training and compliance training?
Practical guidance on the difference between security training and compliance training, for organizations that want to improve secure behavior structurally.
What is the GDPR and what does it mean for you?
The GDPR is not a distant law for lawyers; it shapes how you handle data every day. What the GDPR asks of you in your daily work, in plain language.
What is the GDPR? The basics in plain language
The GDPR in plain language: what the law is, who it applies to, and which principles shape your daily work with personal data.
Which compliance requirements mandate security awareness training?
Practical guidance on compliance requirements for security awareness training, for organizations that want to improve secure behavior structurally.
Which security topics matter most for executives and boards?
Practical guidance on security topics for executives and boards for organizations that want to improve secure behavior structurally.