Develop the necessary skills to conduct risk analysis using the MEHARI Method

MEHARI

Why should you attend?

Why should you attend?

MEHARI Risk Manager training enables you to gain the necessary knowledge and expertise to analyze the information security risks appropriate to the different stages of the security lifecycle in an organization. During this training course, you will have the opportunity to acquire the necessary skills to review the security services, detect critical risks and analyze risk scenarios based on the MEHARI risk analysis method.

Based on practical exercises and case studies, you will have the opportunity to acquire the necessary skills to perform stakes analysis and classification, evaluate the security services, conduct risk analysis and define security plans.

After mastering all the necessary concepts of risk analysis using the MEHARI method, you can sit for the exam and apply for a “Certified MEHARI Risk Manager” credential. By holding a Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support an organization in performing risk assessment based on the MEHARI method.

Who should attend?

  • Individuals seeking to gain a thorough understanding of MEHARI risk analysis method and MEHARI risk model
  • Managers seeking to develop the necessary skills to support organizations in information security risk analysis
  • Auditors seeking to gain a thorough understanding of the MEHARI method
  • Members of an information security team seeking to advance their skills and gain a thorough understanding on how to evaluate the quality of security services

Learning objectives

  • Understand the concepts and general principles associated with MEHARI risk analysis method
  • Gain a thorough understanding of the four phases of the MEHARI approach
  • Develop the necessary skills to identify malfunctions, analyze scenarios of each malfunction, identify the malfunction value scale and prepare a formal classification of the information system assets
  • Develop the necessary skills to evaluate the quality of security services in an organization based on MEHARI method
  • Understand MEHARI risk model
  • Develop the necessary skills to characterize risk, analyze risk situations and conduct quantitative analysis of a risk situation
  • Acquire the necessary skills to develop security plans based on MEHARI approach

Educational approach

  • This training is based on both theory and best practices of risk analysis using MEHARI method
  • Lecture sessions are illustrated with examples based on case studies
  • Practical exercises are based on a case study which includes role playing and discussions
  • Practical exercises and examples are similar to the Certification Exam

Prerequisites

A fundamental knowledge of risk management.

Course agenda

Course agenda

Day 1: Introduction to concepts and phases of MEHARI risk analysis method

Day 2: Conducting risk analysis using MEHARI method

Day 3: Security planning according to MEHARI method and Certification Exam

Examination

Examination

The “Certified MEHARI Risk Manager” exam fully meets the requirements of the Examination and Certification Programme (ECP) and is labeled by CLUSIF. The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of MEHARI risk analysis method

Domain 2: Stakes analysis and classification

Domain 3: Evaluation of security services

Domain 4: Risk analysis

Domain 5: Defining security plans based on the MEHARI method

Certification

Certification

After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.

The requirements for Risk Manager Certifications are:

Credential Exam Professional experience Risk Management experience Other requirements
Certified MEHARI Provisional Risk Manager Certified MEHARI Risk Manager exam or equivalent None None Signing the Code of Ethics
Certified MEHARI Risk Manager Certified MEHARI Risk Manager exam or equivalent Two years: One year of work experience in Risk Management Risk assessment activities: a total of 200 hours Signing the Code of Ethics

To be considered valid, these risk assessment activities should follow best implementation practices and include the following:

  1. Identifying malfunctions at the functional and technical levels
  2. Analyzing the seriousness of each identified malfunction
  3. Identification of malfunction value scale
  4. Identification of assets for classification and classification of assets
  5. Evaluation of security services
  6. Risk characterization
  7. Analysis of a risk situation and quantitative analysis
  8. Risk identification
  9. Developing security plans

General information

General Information

  • Certification fees are included on the exam price
  • Training material containing over 350 pages of information and practical examples will be distributed
  • A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued
  • In case of exam failure, you can retake the exam within 12 months for free

MEHARI

Related posts

6 Luglio 2017

EBIOS

Read more
6 Luglio 2017

OCTAVE

Read more