Leader in the cybersecurity training sector.

Risk Manager - EBIOS method

Category
Satisfaction rate
4.8
Success rate
4.8

The target audience for training

  • Consultants,
  • IS security managers,
  • Risk managers, anyone involved in IT risk assessment activities.

What you will learn

At the end of the course, trainees will be able to use the EBIOS method to identify and deal with information security risks.

Training programme

Day 1: Introduction to the EBIOS Risk Manager method
  • Training objectives, programme structure and expectations of participants
  • Standards frameworks and application contexts (ISO/IEC 27001, role of risk management)
  • Full presentation of the EBIOS RM method.

 

  • Workshop 1 - Defining the scope (framing & security baseline):
    • Determining the business and technical scope;
    • Identification of feared events;
    • Defining the security baseline;
    • Practical exercise: identifying feared events

 

  • Workshop 2 - Risk Origins:
    • Identifying sources of risk and target objectives;
    • Assessing the suitability of SR/TO pairs;
    • Practical exercise in SR/TO analysis

 

  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
  • Methods and tools for identifying risks, based on asset inventories and threat mapping.
  • In-depth risk analysis: identification of scenarios, analysis of causes, vulnerability assessment.
  • Risk assessment based on likelihood and impact criteria.
  • Risk management techniques: reduction, transfer, acceptance or avoidance.
  • Specific assessment of risks relating to information security and critical assets.
  • Best practice in risk communication and consultation, both internally and with external stakeholders.

 

  • Workshop 3 - Strategic scenarios (part 1):
    • Building a map of digital threats and stakeholder reviews;
    • Workshops to develop strategic scenarios;
    • Practical exercise on assessing threat levels

 

  • Workshop 3 - Strategic scenarios (part 2):
    • Finalisation of strategic scenarios;
    • Definition of relevant security measures.

 

  • Workshop 4 - Operational scenarios:
    • Drafting operational scenarios;
    • Likelihood estimation of scenarios;
    • Introduction to complementary approaches such as Threat Modeling, ATT&CK, CAPEC;
    • Practical exercise on operational scenarios

 

  • Workshop 5 - Risk management:
    • Drawing up a summary of risk scenarios;
    • Definition of a treatment strategy (reduction, maintenance, transfer, refusal);
    • Drawing up security measures (continuous improvement plan - PACS / SCIP);
    • Assessment and documentation of residual risks;
    • Setting up an evolving surveillance framework;
    • Practical exercise on the continuous improvement plan

 

  • Closing and final assessment.
  • Attendance certificates are handed out and participants evaluate the course.

 

  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Trainer profile

Expert consultant-trainer in information security risk management, combining technical expertise, field experience and teaching know-how, whose technical, professional and teaching skills have been rigorously assessed and validated as part of our internal selection procedures.

Teaching methods and resources

The course is based on a balanced combination of theoretical and practical approaches, guaranteeing both the acquisition of knowledge and its operational application:

  • Structured theoretical input, illustrated by practical examples tailored to the participants' professional context.
  • Practical exercises at each stage to help you assimilate the knowledge you have acquired.
  • A case study linking the different skill blocks.
  • Strong interaction between trainers and trainees, making exchanges more concrete and aligned with trainees' expectations.
  • Full educational documentation, supplied in digital format.
  • Course evaluation questionnaire at the end of the course, analysed by our teaching team.
  • Certificate of acquired skills sent to the trainee at the end of the course.
  • End-of-training certificate sent at the same time as the invoice to the company or funding organisation, confirming that the trainee has fully attended the session.

Training objectives

  • Understand the risk management concepts and principles of the EBIOS method
  • Master the steps of the EBIOS method to carry out a complete study
  • Manage information security risks using the EBIOS method
  • Analyse and communicate the results of an EBIOS study.

Assessment method

  • Practical exercises at every stage of the course.
  • A case study linking the different skill blocks.
  • Quiz at the end of each day's training.
  • Self-assessment of knowledge acquired by the trainee via a questionnaire.

Training prerequisites

  • Be familiar with the ANSSI security guide,
  • Have completed the introductory course in cybersecurity or have equivalent knowledge of information systems security.

Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).
