1

The EBIOS Risk Manager method

• Risk management fundamentals.
• Overview of EBIOS.
• Spotlight on cybersecurity (priority threats).
• Main definitions of an EBIOS Risk Manager.

2

Framing and security base

• Identifying the technical and business scope.
• Identifying the feared events and assessing their severity levels.
• Determining the security base.

3

Sources of risk.

• Identifying risk origins (ROs) and their target objectives (TOs)
• Assessing the relevance of these pairs.
• Assessing the RO/TO pairs and selecting the ones deemed a priority for the analysis.
• Assessing the severity of the strategic scenarios.

4

Strategic scenarios

• Assessing the threat levels associated with stakeholders.
• Building a digital threat map of the ecosystem and critical stakeholders.
• Writing strategic scenarios.
• Defining security threats to the ecosystem.

5

Operational scenarios

• Writing operational scenarios.
• Assessing likelihoods.
• Threat modeling, ATT&CK.
• Common attack pattern enumeration and classification (CAPEC).

6

Handling risk

• Conducting a summary of risk scenarios.
• Defining the treatment strategy.
• Defining the security measures in a security continuous improvement plan (SCIP).
• Evaluating and documenting residual risks.
• Setting up a risk monitoring framework.

7

Review and preparation for the exam

• Review of the program.
• Mock exam and group correction. Tips for the exam.

8

Certification

• At the end of the course, a participation certificate worth 21 CPD (Continuing Professional Development) credits is issued.
• The exam consists of answering 12 questions in two-and-a-half hours.
• A minimum score of at least 70% is required to pass.