EBIOS RM: Managing cybersecurity by controlling digital risk

The target audience for training
- Risk managers / IS security managers
- CISOs / IT Departments / Project managers
- IS security consultants
- IS & ISMS auditors/ISMS certifiers
- Compliance officers (NIS2, GDPR, ISO 27001)
- Digital project managers
What you will learn
In a world where digital technology has become the bedrock of all economic activity, managing cyber risks is no longer a luxury, but a strategic necessity.
Today, cyber attacks are no longer the work of isolated hackers: they are organised, targeted, stealthy and often destructive. Ransomware, industrial espionage, compromised suppliers, business email compromise... even small organisations are exposed to increasingly sophisticated attacks on a daily basis.
Faced with this situation, senior management, security managers, project managers and cyber officers must be able to understand the threats, measure their real impact and respond to them methodically, rigorously and lucidly.
The aim of this course is to provide you with the skills and tools to identify, analyse, prioritise and deal with digital risks, based on the EBIOS Risk Manager method developed and recommended by ANSSI.
Training programme
- Duration: 3 days
DAY 1 - Fundamentals & Workshop 1: Framework and foundation
- Introduction & Expectations
- Risk, severity, risk level (ISO 27005)
- Overview of the EBIOS RM method (5 workshops + case study)
- Workshop 1:
- Identification of business assets and supporting assets
- Definition of feared events
- Security baseline (applicable standards, existing technical and organisational measures)
- Exercise: case study + baseline analysis table
DAY 2 - Workshops 2 to 4: Threats & scenarios
- Workshop 2:
- Definition of risk origin / target objective (RO/TO) pairs
- Classification and mapping
- Exercise: RO/TO pairs on health sector cases
- Workshop 3:
- Stakeholder mapping
- Building strategic scenarios
- Exercise: attack via external service provider
- Workshop 4:
- Transformation of strategic scenarios into operational (technical) scenarios
- Introduction to MITRE ATT&CK and TTPs
- Likelihood assessment
- Demonstration: mapping an attack path to MITRE ATT&CK
DAY 3 - Workshop 5 & Final case study
- Workshop 5:
- Choice of measures (ISO 27001, ANSSI, sector guides)
- Acceptance or transfer of risk
- Action plan follow-up
- Exercise: classification + treatment sheet
- Final case study:
- Complete replay of the 5 workshops on industrial cases
- Group presentations (oral + deliverable)
- Collective critical feedback
Teaching methods
- Expository (telling): theoretical lectures, ISO 27005 reminders, structure of the EBIOS RM method (5 workshops)
- Interrogative (eliciting): guided questions, interactive quizzes, reformulations
- Demonstrative (showing): method walk-throughs, MITRE ATT&CK mapping, demonstrations
- Active (doing): EBIOS RM practical workshops, case studies
Training objectives
At the end of this immersive and hands-on training course, participants will be able to:
- Apply the EBIOS Risk Manager method to a real or simulated case
- Understand the fundamental concepts: risk, threat, vulnerability, severity
- Identify supporting assets, target objectives and risk origins
- Develop threat-based strategic and operational scenarios
- Choose and plan risk treatment measures
- Consolidate a comprehensive approach to IS security risk management
- Support an organisation in its move towards a well thought-out, managed and documented cybersecurity policy
Training prerequisites
- General knowledge of information systems security
- Familiarity with IS, governance and audit concepts
- Aptitude for methodological and collaborative approaches
- Language: French
- Level: Fundamental
- Certification body: ACG CYBERACADEMY
- Certification: No
- Accessibility: Yes
- Duration: 3 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).