Course: EBIOS Risk Manager: Certification



The EBIOS method is used to assess and handle information system security risks based on proven experience in information system consulting and business analysis. This training will provide you with all the skills needed to implement it in a real-world situation.



Practical course in person or remote class

Ref. EBN
Price: 2660 € E.T.
  3d - 21h00




Teaching objectives
At the end of the training, the participant will be able to:
  • Understand the EBIOS method
  • Map risks
  • Know the basic aspects of risk management for information security, using the EBIOS method
  • Conduct risk management with the EBIOS Risk Manager method
  • Analyze and communicate the results of an EBIOS study

Intended audience
CISOs or security contacts, security architects, IT directors or officers, engineers, and project managers (owner, lead contractor) who need to incorporate security requirements

Prerequisites
Good knowledge of IS security and the 27005 standard.

Course schedule

The EBIOS Risk Manager method

  • Risk management fundamentals.
  • Overview of EBIOS.
  • Spotlight on cybersecurity (priority threats).
  • Main definitions of EBIOS Risk Manager.

Framing and security base

  • Identifying the technical and business scope.
  • Identifying the feared events and assessing their severity levels.
  • Determining the security base.
Hands-on work
Identifying the feared events.

Sources of risk

  • Identifying risk origins (ROs) and their target objectives (TOs)
  • Assessing the relevance of these pairs.
  • Assessing the RO/TO pairs and selecting the ones deemed a priority for the analysis.
  • Assessing the severity of the strategic scenarios.
Hands-on work
Assessing the RO/TO pairs.

Strategic scenarios

  • Assessing the threat levels associated with stakeholders.
  • Building a digital threat map of the ecosystem and critical stakeholders.
  • Writing strategic scenarios.
  • Defining security threats to the ecosystem.
Hands-on work
Assessing the threat levels associated with stakeholders. Writing strategic scenarios.

Operational scenarios

  • Writing operational scenarios.
  • Assessing likelihoods.
  • Threat modeling, ATT&CK.
  • Common attack pattern enumeration and classification (CAPEC).
Hands-on work
Writing operational scenarios.

Handling risk

  • Conducting a summary of risk scenarios.
  • Defining the treatment strategy.
  • Defining the security measures in a security continuous improvement plan (SCIP).
  • Evaluating and documenting residual risks.
  • Setting up a risk monitoring framework.
Hands-on work
Defining the security measures in a SCIP (security continuous improvement plan).

Review and preparation for the exam

  • Review of the program.
  • Mock exam and group correction. Tips for the exam.

Certification

  • At the end of the course, a participation certificate worth 21 CPD (Continuing Professional Development) credits is issued.
  • The exam consists of answering 12 questions in two-and-a-half hours.
  • A minimum score of 70% is required to pass.
Exam
Taking the PECB-certified EBIOS Risk Manager exam.


Practical details
Teaching methods
The materials, instruction, and exam are in French.

Customer reviews
4.1 / 5
Customer reviews are based on end-of-course evaluations. The score is calculated from all evaluations within the past year. Only reviews with a textual comment are displayed.