EBIOS RM training, preparation for certification

  • Understand the EBIOS method
  • Map the risks
  • Master the elements of basic risk management for information security using the EBIOS method
  • Practice risk management with the EBIOS Risk Manager method
  • Analyze and communicate the results of an EBIOS study

CISO or security correspondents, security architects, IT directors or managers, engineers, project managers (MOE, MOA) who must integrate security requirements.

Good knowledge of IS security and the 27005 standard.

3 Days.

Practical exercises and demonstrations will allow you to put into practice the theoretical concepts presented.

For distance training, these are carried out using a videoconferencing tool such as Teams or Zoom, depending on the case, allowing the trainer to adapt the teaching methods.
Find on our website all the details about distance sessions or virtual classes.

  • The EBIOS Risk Manager method
  • The fundamentals of risk management.
  • Focus on cybersecurity (priority threats).
  • Presentation of EBIOS.
  • Main definitions of EBIOS Risk Manager.
  • Framing and security base
  • Identification of the business and technical scope.
  • Identification of feared events and assessment of their severity levels.
  • Determine the security base.

Practical work
Identify feared events.

  • Sources of risk
  • Identify the sources of risk (SR) and their targeted objectives (OV).
  • Evaluate the suitability of the SR / OV pairs.
  • Evaluate the SR / OV pairs and select those deemed to have priority for analysis.
  • Assess the severity of strategic scenarios.

Practical work
Identify the sources of risk (SR) and their targeted objectives (OV). Evaluate the SR / OV pairs.

  • Strategic scenarios
  • Assess the level of threat associated with stakeholders.
  • Construction of a digital threat map of the ecosystem and critical stakeholders.
  • Development of strategic scenarios.
  • Definition of security measures on the ecosystem.

Practical work
Assess the level of threat associated with stakeholders. Development of strategic scenarios.

  • Operational scenarios
  • Development of operational scenarios.
  • Likelihood assessment.
  • Threat modeling, ATT&CK.
  • Common Attack Pattern Enumeration and Classification (CAPEC).

Practical work
Development of operational scenarios. Likelihood assessment.

  • Risk treatment
  • Production of a summary of risk scenarios.
  • Definition of the treatment strategy.
  • Define the security measures in a PACS.
  • Assessment and documentation of residual risks.
  • Establishment of the risk monitoring framework.

Practical work
Define security measures in a Continuous Security Improvement Plan (PACS). Establishment of the risk monitoring framework.