Are you the victim of a security incident? Contact our CERT


EBIOS - Risk Manager certification

This training enables you to learn the Ebios RM methodology (Expression of needs and identification of security objectives), a method recognized by the ANSSI.
During this training, you will acquire by alternating theoretical and practical time, skills and abilities to carry out an Ebios RM study.
You will develop a practical case study from start to finish, enabling you to understand all the ins and outs of risk management with Ebios RM.

Course overview

  • Understand the concepts, issues and basic principles of risk management when using the EBIOS Risk Manager method.
  • Understand the activities of the EBIOS Risk Manager method in order to follow the realization of risk analysis as a project manager.
  • Understand the conclusions of an EBIOS Risk Manager study and its main deliverables.
  • Pass a certification exam to validate the knowledge acquired during the training and become “PECB EBIOS Risk Manager” certified.

Course Curriculum

Day 1

I. Course objectives and structure

II. Introduction to the EBIOS method

  • The fundamentals of risk management
  • Presentation of EBIOS
  • Zoom on cybersecurity (priority threats)
  • Main EBIOS RM definitions
  • Exercise 1: Understanding terminology
  • Key concepts and workshops of the RM EBIOS method

III. Workshop 1: Framework and security foundation

  • Workshop presentation
  • Definition of the study and project framework
  • Identification of the business and technical scope
  • Identification of feared events and assessment of their level of severity
  • Determining the security foundation
  • Exercise 2: Identifying feared events

IV. Workshop 2: Sources of risk

  • Workshop presentation
  • Identify Sources of Risk (SR) and their Target Objectives (TO)
  • Assess the relevance of the pairs
  • Evaluate the SR/OV pairs and select those deemed priority for analysis
  • Relate feared events to SR/OV groups
  • Exercise 3: Evaluate SR/OV pairs

V. Workshop 3: Strategic scenarios (Part 1)

  • Workshop presentation
  • Assessing the level of threat associated with stakeholders
  • Constructing a digital threat map of the ecosystem and critical stakeholders
  • Exercise 4: Assessing the threat level associated with stakeholders
  • Development of strategic scenarios

Day 2

VI. Workshop 3: Strategic scenarios (Part 2)

  • Developing strategic scenarios
  • Exercise 5: Drawing up strategic scenarios
  • Definition of ecosystem security measures

VII. Workshop 4: Operational scenarios

  • Workshop presentation
  • Development of operational scenarios
  • Likelihood assessment
  • To go further (Threat modeling, ATT&CK, CAPEC)
  • Exercise 6: Development of operational scenarios.

VIII. Workshop 5: Risk management

  • Workshop presentation
  • Drawing up a summary of risk scenarios
  • Definition of treatment strategy
  • Defining security measures in a continuous security improvement plan (PACS)
  • Evaluation and documentation of residual risks
  • Implementation of a risk monitoring framework
  • Exercise 7: Continuous security improvement plan
  • Conclusion

IX. Certification process and end of training

Day 3

X. Review

XI. Certification Exam

Method of Assessment

The “PECB Certified EBIOS Risk Manager” exam is held on the 3rd day of training and lasts 3 hours. The exam covers the following areas of competence:

  • Domain 1: Fundamental principles and concepts of information security risk management according to the EBIOS method.
  • Domain 2: EBIOS-based information security risk management program.
  • Domain 3: Information security risk assessment based on the EBIOS method

The benefits of face-to-face training

This training is based on alternating theoretical and practical sessions:

  • Lectures illustrated with examples from real cases
  • Classroom exercises to help prepare for the exam

In order to preserve the good realization of the practical exercises, the number of participants in the training is limited.

Who should attend?

  • People wishing to learn the fundamental concepts of risk management.
  • People involved in risk assessment activities using the EBIOS method.
  • People wishing to understand risk assessment techniques based on the EBIOS method.
  • People wishing to master techniques for analyzing and communicating risk assessment results based on the EBIOS method.
  • Security officers
  • Risk managers
  • Company data processing managers
  • Project managers or consultants
  • CIOs and managers responsible for corporate IT and risk management.
  • Information security team members
  • Expert IT consultants
  • Technical experts wishing to prepare for a position in information security or CISO

Entry Requirements

  • Knowledge of risk management and its fundamentals.
  • First knowledge of EBIOS 2010 or EBIOS Risk Manager methodology.

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 10 working days before the start of the training.


Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need compensation or adaptation for the content, the supports, the “venue”, the material used, the schedules, the rhythm, we are at your disposal.

To go further

This training course is a preparation for the following training course:


3 days (21 hours)


€2300 excl. tax.


Breakfast & lunch included


OPCO support

Download the training sheet in PDF format

Would you like more information?

+33 (0)2 55 59 01 11

Almond commits itself to ensure that the collection and processing of your data, carried out from the site, are in conformity with the General Data Protection Regulation (GDPR) and with the modified law n° 78-17 of January 6, 1978, relating to the protection of personal data. The information collected on this form is recorded in a file computerized by Almond, in order to answer the requests for information. You can access the data concerning you, ask for their correction or their deletion. You also have a right of opposition, and a right to limit the processing of your data (see for more information on your rights). You can exercise your rights by contacting Almond's Data Protection Officer at the following address: [email protected]. Your data will be kept within the European Union, in accordance with the regulations in force.