Leader in the cybersecurity training sector.

Mastering the role of CISO and effectively managing cybersecurity governance

Satisfaction rate: 4.8
Success rate: 4.9
Train ISSMs to manage cybersecurity governance, structure an ISMS that complies with ISO 27001, master risk analysis (EBIOS RM, ISO 27005) and develop an IS strategy aligned with business and regulatory challenges.

The target audience for training

  • Future or current CISOs
  • Security engineers
  • ISD
  • ISS consultants

What you will learn

The protection of information and the security of information systems are now so important that those responsible for information systems security must be increasingly involved in the governance processes of the company or organisation. The role of the CISO is essential, as he or she is responsible for actions relating to the protection of information and the security of the company's systems, networks, applications and data. This course, illustrated by a number of practical case studies, will provide participants with all the key best practices they need to master the dimensions of this job.

Training programme

Learning objectives:

  • Understand the CISO's strategic position within the organisation.
  • Master the fundamentals of effective IS governance.
  • Deploy an ISO/IEC 27001-compliant ISMS using a structured approach.

Contents:

  • The CISO's strategic role in the company: position, interactions, reporting.
  • ISS governance: key principles, management, indicators.
  • ISO/IEC 27001 standard: requirements, security policy, planning, operation.
  • Alignment with IT governance standards (COBIT, ISO 38500).

 

ANSSI best practices to strengthen governance:

  • Clear and distributed information systems security policy (PSSI)
  • Asset mapping
  • Involving business lines in risk management
  • Setting up an ISS steering committee

Learning objectives:

  • Identify, assess and deal with ISS risks using a structured approach.
  • Implement EBIOS Risk Manager to analyse threat scenarios.
  • Prepare an internal ISS audit.

Contents:

  • Introduction to ISS risk management: definitions, objectives, processes.
  • ISO/IEC 27005 standard: framework for risk analysis.
  • EBIOS RM approach:
    • Framing the study
    • Sources of risk and feared events
    • Threat scenarios & security measures
    • Validation of residual risks
  • Preparing for and conducting an ISO 27001 audit.
  • Risk management tools (matrix, treatment plan, monitoring).

Learning objectives:

  • Understand the ISS ecosystem and the standards in force.
  • Develop a security strategy that incorporates regulatory requirements (GDPR, NIS2, DORA).
  • Formalise a realistic and managed cyber security action plan.

Contents:

  • Overview of cybersecurity players: ANSSI, CNIL, service providers, integrators, publishers.
  • Regulations & obligations:
    • GDPR, DORA, NIS2, HDS
    • Incident reporting & response plan
  • Drawing up a strategic cyber security plan:
    • Maturity analysis
    • 12/24 month plan
    • Steering indicators (KPI, KRI)
  • ANSSI best practices for operational management:
    • Log monitoring, system hardening
    • Authorisation management, user awareness
    • Backups and disaster recovery

Teaching methods

  • Theoretical input enhanced by practical examples.
  • Practical activities: workshops, case studies, role-playing exercises.
  • Participants share their experiences.
  • Materials that comply with Qualiopi teaching standards (accessible and reusable).

Training objectives

At the end of the course, participants will be able to:

  • Effectively assume the role of CISO in the organisation's IS governance.
  • Structure an ISMS in accordance with ISO/IEC 27001 and manage its implementation.
  • Apply risk analysis methods via EBIOS RM and ISO 27005.
  • Incorporate ANSSI best practices to reinforce the company's IS posture.
  • Define a cybersecurity strategy in line with business and regulatory challenges.

Assessment of prior learning

  • MCQ at the start of the course.
  • Validation quiz at the end of each day.
  • Final assessment.
  • Certificate of completion issued.

Training prerequisites

Experience in IT or participation in ISS missions

Price

3500 €

Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).



ACG Cyberacademy collects and uses the data provided via this form in order to process your registration requests. Fields marked with an * are required. The other information enables us to optimise the follow-up of your request and the quality of our customer relations.