This training enables you to learn the EBIOS RM methodology (Expression of needs and identification of security objectives), a method recognized by ANSSI.
During this training, you will alternate between theory and practice to acquire the skills needed to carry out an EBIOS RM study.
You will develop a practical case study from start to finish, enabling you to understand all the ins and outs of risk management with EBIOS RM.
Course overview
- Understand the concepts, issues and basic principles of risk management when using the EBIOS Risk Manager method.
- Understand the activities of the EBIOS Risk Manager method in order to monitor how a risk analysis is carried out, as a project manager.
- Understand the conclusions of an EBIOS Risk Manager study and its main deliverables.
- Pass a certification exam to validate the knowledge acquired during the training and become “PECB EBIOS Risk Manager” certified.
Course Curriculum
Day 1
I. Course objectives and structure
II. Introduction to the EBIOS method
- The fundamentals of risk management
- Presentation of EBIOS
- Focus on cybersecurity (priority threats)
- Main EBIOS RM definitions
- Exercise 1: Understanding terminology
- Key concepts and workshops of the EBIOS RM method
III. Workshop 1: Framework and security foundation
- Workshop presentation
- Definition of the study and project framework
- Identification of the business and technical scope
- Identification of feared events and assessment of their level of severity
- Determining the security foundation
- Exercise 2: Identifying feared events
IV. Workshop 2: Sources of risk
- Workshop presentation
- Identify Sources of Risk (SR) and their Target Objectives (TO)
- Assess the relevance of the SR/TO pairs
- Evaluate the SR/TO pairs and select those deemed priority for analysis
- Relate feared events to SR/TO pairs
- Exercise 3: Evaluate SR/TO pairs
V. Workshop 3: Strategic scenarios (Part 1)
- Workshop presentation
- Assessing the level of threat associated with stakeholders
- Constructing a digital threat map of the ecosystem and critical stakeholders
- Exercise 4: Assessing the threat level associated with stakeholders
- Development of strategic scenarios
Day 2
VI. Workshop 3: Strategic scenarios (Part 2)
- Developing strategic scenarios
- Exercise 5: Drawing up strategic scenarios
- Definition of ecosystem security measures
VII. Workshop 4: Operational scenarios
- Workshop presentation
- Development of operational scenarios
- Likelihood assessment
- To go further (Threat modeling, ATT&CK, CAPEC)
- Exercise 6: Development of operational scenarios
VIII. Workshop 5: Risk management
- Workshop presentation
- Drawing up a summary of risk scenarios
- Definition of treatment strategy
- Defining security measures in a continuous security improvement plan (PACS)
- Evaluation and documentation of residual risks
- Implementation of a risk monitoring framework
- Exercise 7: Continuous security improvement plan
- Conclusion
IX. Certification process and end of training
Day 3
X. Review
XI. Certification Exam
Method of Assessment
The “PECB Certified EBIOS Risk Manager” exam is held on the 3rd day of training and lasts 3 hours. The exam covers the following areas of competence:
- Domain 1: Fundamental principles and concepts of information security risk management according to the EBIOS method.
- Domain 2: EBIOS-based information security risk management program.
- Domain 3: Information security risk assessment based on the EBIOS method.
The benefits of face-to-face training
This training is based on alternating theoretical and practical sessions:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
To ensure that the practical exercises run smoothly, the number of participants in the training is limited.
Who should attend?
- People wishing to learn the fundamental concepts of risk management.
- People involved in risk assessment activities using the EBIOS method.
- People wishing to understand risk assessment techniques based on the EBIOS method.
- People wishing to master techniques for analyzing and communicating risk assessment results based on the EBIOS method.
- Security officers
- Risk managers
- Company data processing managers
- Project managers or consultants
- CIOs and managers responsible for corporate IT and risk management.
- Information security team members
- Expert IT consultants
- Technical experts wishing to prepare for a position in information security or CISO
Entry Requirements
- Knowledge of risk management and its fundamentals.
- Basic knowledge of the EBIOS 2010 or EBIOS Risk Manager methodology.
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 10 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training course is a preparation for the following training course:
Duration
3 days (21 hours)
Price
€2300 excl. tax.
Meal
Breakfast & lunch included
Financing
OPCO support