Overview:

Understanding how to effectively assess risk may be a challenge for many industries. The risk assessment methods: OCTAVE, EBIOS, and MEHARI, will provide you with the sufficient knowledge on how to successfully identify and assess risk in your organization.

OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation were developed by the Computer Emergency Response Team (CERT), and it was funded by the US Department of Defense. This risk assessment tool is used to help prepare organizations for security strategic assessments and planning for their information.

EBIOS - Expression des Besoins et Identification des Objectifs de Sécurité, was developed by the French Central Information Systems Security Division. The goal of this risk assessment tool is to assess and treat risks with an IS, which would result in assisting the management decision-making, and guide stakeholders to find a mutual set of discussions.

MEHARI - Methode Harmonisee d’Analyse de Risques, was developed by CLUSIF, a non-profit Information Security organization. The goal of this risk assessment tool is to mostly to provide guidelines for ISO/IEC 27005 Implementation and analyze scenario-based risks landscapes for short-long term security management.

MEHARI Risk Manager training enables you to gain the necessary knowledge and expertise to analyze the information security risks appropriate to the different stages of the security lifecycle in an organization. During this training course, you will have the opportunity to acquire the necessary skills to review the security services, detect critical risks and analyze risk scenarios based on the MEHARI risk analysis method.

Based on practical exercises and case studies, you will have the opportunity to acquire the necessary skills to perform stakes analysis and classification, evaluate the security services, conduct risk analysis and define security plans.

After mastering all the necessary concepts of risk analysis using the MEHARI method, you can sit for the exam and apply for a “PECB Certified MEHARI Risk Manager” credential. By holding a PECB Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support an organization in performing risk assessment based on the MEHARI method.

Duration:  03 days

Objectives:

• Understand the concepts and general principles associated with MEHARI risk analysis method
• Gain a thorough understanding of the four phases of the MEHARI approach
• Develop the necessary skills to identify malfunctions, analyze scenarios of each malfunction, identify the malfunction value scale and prepare a formal classification of the information system assets
• Develop the necessary skills to evaluate the quality of security services in an organization based on MEHARI method
• Understand MEHARI risk model
• Develop the necessary skills to characterize risk, analyze risk situations and conduct quantitative analysis of a risk situation
• Acquire the necessary skills to develop security plans based on MEHARI approach

Intended Audience: 

• Individuals seeking to gain a thorough understanding of MEHARI risk analysis method and MEHARI risk model
• Managers seeking to develop the necessary skills to support organizations in information security risk analysis
• Auditors seeking to gain a thorough understanding of the MEHARI method
• Members of an information security team seeking to advance their skills and gain a thorough understanding on how to evaluate the quality of security services 

Prerequisites

A fundamental knowledge of risk management.

Course outlines:

1. Day 1: Introduction to concepts and phases of MEHARI risk analysis method
2. Day 2: Conducting risk analysis using MEHARI method
3. Day 3: Security planning according to MEHARI method and Certification Exam