Why should you attend?
EBIOS Risk Manager training enables you to gain the necessary knowledge and develop the necessary competence to master risk management concepts and components related to all assets of relevance for Information Security based on the EBIOS method.
Based on practical exercises and case studies, you will have the opportunity to acquire the necessary skills to perform an optimal Information Security risk assessment and timely risk management by being familiar with its life cycle. This training fits perfectly in the framework of the ISO/IEC 27001 standard implementation process.
After mastering all the necessary concepts of risk assessment using the EBIOS method, you can sit for the exam and apply for a “Certified EBIOS Risk Manager” credential. By holding a Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support an organization in performing risk assessment based on the EBIOS method.
Who should attend?
- Individuals seeking to learn and understand the basic concepts of Risk Management
- Individuals participating in risk assessment activities using the EBIOS method
- Managers seeking to understand the techniques for performing risk assessment based on the EBIOS method
- Managers seeking to master the techniques for analyzing and communicating the results of a risk assessment based on the EBIOS method
Learning objectives
- Understand the concepts and basic principles of risk management associated with the use of the EBIOS method
- Understand the activities of the EBIOS method in order to follow the completion of studies (pilot, control, reframe) as a work master
- Understand and explain the findings of an EBIOS study and its key deliverables
- Acquire the necessary skills to carry out an EBIOS study
- Acquire the necessary skills to manage security risks of an organization’s information systems
- Develop the necessary skills to analyze and communicate the results of an EBIOS study
Educational approach
- This training is based on both theory and best practices of risk assessment using the EBIOS method
- Lecture sessions are illustrated with examples based on case studies
- Practical exercises are based on case studies which include role playing and discussions
- Practical exercises and examples are similar to the Certification Exam
Prerequisites
A fundamental knowledge of risk management.
Course agenda
Day 1: Introduction to EBIOS risk assessment method
Day 2: Conducting risk assessment using the EBIOS method
Day 3: Workshop with case studies and Certification Exam
Examination
The “Certified EBIOS Risk Manager” exam fully meets the requirements of the Examination and Certification Programme (ECP). The exam covers the following competency domains:
Domain 1: Fundamental principles and concepts of Information Security risk management process based on the EBIOS method
Domain 2: Information Security risk management framework based on the EBIOS method
Domain 3: Information Security risk assessment using the EBIOS method
Domain 4: Information Security risk estimation, evaluation and identification of security objectives
Domain 5: Information Security risk treatment based on the EBIOS method
Certification
After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.
The requirements for Risk Manager Certifications are:
| Credential | Exam | Professional experience | Risk Management experience | Other requirements |
| Certified EBIOS Provisional Risk Manager | Certified EBIOS Risk Manager exam or equivalent | None | None | Signing the Code of Ethics |
| Certified EBIOS Risk Manager | Certified EBIOS Risk Manager exam or equivalent | Two years: One year of work experience in Risk Management | Risk assessment activities: a total of 200 hours | Signing the Code of Ethics |
To be considered valid, these risk assessment activities should follow best implementation practices and include the following:
- Defining a risk management approach
- Designing and implementing an overall risk management process for an organization
- Defining risk evaluation criteria
- Performing risk assessment
- Identifying assets, threats, existing controls, vulnerabilities and consequences (impacts)
- Assessing consequences and incident likelihood
- Evaluating risk treatment options
- Performing a risk management review
General Information
- Certification fees are included on the exam price
- Training material containing over 350 pages of information and practical examples will be distributed
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued
- In case of exam failure, you can retake the exam within 12 months for free