Overview:

Understanding how to effectively assess risk may be a challenge for many industries. The risk assessment methods: OCTAVE, EBIOS, and MEHARI, will provide you with the sufficient knowledge on how to successfully identify and assess risk in your organization.

OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation were developed by the Computer Emergency Response Team (CERT), and it was funded by the US Department of Defense. This risk assessment tool is used to help prepare organizations for security strategic assessments and planning for their information.

EBIOS - Expression des Besoins et Identification des Objectifs de Sécurité, was developed by the French Central Information Systems Security Division. The goal of this risk assessment tool is to assess and treat risks with an IS, which would result in assisting the management decision-making, and guide stakeholders to find a mutual set of discussions.

MEHARI - Methode Harmonisee d’Analyse de Risques, was developed by CLUSIF, a non-profit Information Security organization. The goal of this risk assessment tool is to mostly to provide guidelines for ISO/IEC 27005 Implementation and analyze scenario-based risks landscapes for short-long term security management.

EBIOS Risk Manager training enables you to gain the necessary knowledge and develop the necessary competence to master risk management concepts and components related to all assets of relevance for Information Security based on the EBIOS method.

Based on practical exercises and case studies, you will have the opportunity to acquire the necessary skills to perform an optimal Information Security risk assessment and timely risk management by being familiar with its life cycle. This training fits perfectly in the framework of the ISO/IEC 27001 standard implementation process.

After mastering all the necessary concepts of risk assessment using the EBIOS method, you can sit for the exam and apply for a “PECB Certified EBIOS Risk Manager” credential. By holding a PECB Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support an organization in performing risk assessment based on the EBIOS method.

Duration:  03 days

Objectives:

• Understand the concepts and basic principles of risk management associated with the use of the EBIOS method
• Understand the activities of the EBIOS method in order to follow the completion of studies (pilot, control, reframe) as a work master
• Understand and explain the findings of an EBIOS study and its key deliverables
• Acquire the necessary skills to carry out an EBIOS study
• Acquire the necessary skills to manage security risks of an organization's information systems
• Develop the necessary skills to analyze and communicate the results of an EBIOS study

Intended Audience:

• Individuals seeking to learn and understand the basic concepts of Risk Management
• Individuals participating in risk assessment activities using the EBIOS method
• Managers seeking to understand the techniques for performing risk assessment based on the EBIOS method
• Managers seeking to master the techniques for analyzing and communicating the results of a risk assessment based on the EBIOS method

Prerequisites

A fundamental knowledge of risk management.

Course outlines:

1.      Day 1: Introduction to EBIOS risk assessment method

2.      Day 2: Conducting risk assessment using the EBIOS method

3.      Day 3: Workshop with case studies and Certification Exam