In this session, you will first learn about cyber security in 2024, and take a look into the mind of a hacker. Then, the CCB will offer a legal and regulatory perspective, with a focus on how your organisation can implement the NIS2 requirements. Howest will follow with practical experience and things to take into consideration. Finally, two organisations will share their real-life stories, one implementing NIS2 with the CyberFundamentals (CyFun) framework, and the other using the SOGP (Standard of Good Practice for Information Security) – which is aligned with the ISO 27000-series.

We are delighted to be co-hosting this session with Howest University of Applied Sciences, enabling us to bring academia and business together to explore this topic.

Beltug’s corporate basic and corporate premium membership allow you to pass on this invitation. We think this session might interest many of your colleagues in governance, risk and compliance and procurement.


Please inform us in advance if you cannot make it to the event. If you do not inform us, and do not show up for the event, we reserve the right to charge you a € 25 ‘no-show’ fee.


Welcome coffee


(in English) Welcome: Is information security really so difficult?

Gert-Jan Wille, Head of Cyber Security, Howest University of Applied Sciences


(in English) The state of cyber security in 2024: I hacked the Belgian Federal Government

In an era of escalating cyber threats, a controlled hack into the Belgian Federal Government revealed vulnerabilities and the ease with which they can be exploited. Illustrated with key figures and data on cyber incidents, this presentation provides a stark picture of the current threat landscape. Gain insights into the minds of cyber criminals and the critical statistics that shape our understanding of cyber security.

Koen Tamsyn, Business Unit Lead Cybersecurity, Inetum


(in English) What to do, by when, and how: CyFun and ISO 27001 as the guiding frameworks for NIS2 compliance

There are a lot of dates and issues to keep in mind and plan for. While you have until April 2026 to prove your cyber security controls are in place, as of October 2024 you must already notify incidents, and will also be able to report incidents to help your peers. Then, March 2025 is the deadline to let the CCB know you fall under NIS2. CyFun and ISO27001 can already guide you, and certification bodies are available to validate or certify your work. From a legal and regulatory angle, let’s look at the different dates and frameworks, and clarify how the inspections are envisaged.

Johan Klykens, Director National Cybersecurity Certification Authority, Centre for Cybersecurity Belgium


(in English) Ready, Set, Start: to the NIS2 in (roughly) 20 weeks

Just as racers need to prepare to run specific distances, you need to prepare for NIS2. In this presentation, Howest shares some ideas and experience, including:

  • A comparison of NIS2 and GDPR, and how you can benefit from the work that you have already done for GDPR
  • Practical experience and some things to think about when using CyFun in a small organisation

Kurt Schoenmaekers, Lector and Researcher Cyber Security, and Ben Verhasselt, Lector Cyber Security, Howest University of Applied Sciences


Q&A and discussion: your experiences, questions and best practices




(in English) If money was not a concern, how would you implement NIS2?

Levi Nietvelt, Policy Lead and Business Development, Beltug


(in English) User story: The Port of Antwerp – Bruges and CyFun

Landlord, facilitator, regulator and community builder, the Port of Antwerp-Bruges does it all. Designated as an operator of essential services, it builds on the ‘security policy for network and IT-systems’ (I.B.B. and P.S.I.) and the experience with the CIS-control framework. So, why did the Port transfer to the CyFun framework? How does it fit with the plan-do-check-act cycle? We’ll also learn about supervision, accepting risk, and the possible tensions with the self-assessment tools under the CyFun framework. As the owner of the risk, to what extent will an inspection agree with their vision?

Yannick Herrebaut, Cyber Resilience Manager – CISO, Port of Antwerp-Bruges


(in English) User story: Ahold Delhaize and SOGP (ISO)

The global Ahold Delhaize group has hundreds of supermarket stores in Belgium and is active in several EU countries, the US, Indonesia and online. Within this international context, the group uses the Standard of Good Practice for Information Security (SOGP), which is aligned with the ISO 27000 series, and the NIST CSF framework to meet national, European, US and global demands to prove information security compliance. Join the discussion regarding the responsibility of country-based governing bodies versus global information security, and whether the responsibility for suppliers extends beyond cyber security into business continuity management.

Bing Van Seghbroeck, Information Security GCA Country Leader, Belgium & Luxemburg, Ahold Delhaize


Q&A and discussion: your experiences, questions and best practices


Wrap up & closing drink


End of the afternoon session, and start of meet-up (please register separately for the Howest-hosted meet-up; you will receive the invitation soon)

1 Step 1
How will you attend?

This privacy notice is to inform you that we may create pictures and/or video footage of this event, which we may use afterwards through our media channels.

If you are registering more than one person from your organisation, or need to indicate that another person will be replacing you at the event, please fill in a separate registration page for each person.

FormCraft - WordPress form builder