Publication date : 06/17/2024
Course : IS security, practical implementation of a risk analysis
Practical course - 2d
- 14h00 - Ref. CUR
|
Download in PDF format
Share this course by email
 | Identify and analyze IS threats and risks |
| Understand the fundamental concepts of IS security risk analysis |
| Know the analysis methods available to control IS risks |
| Identify and prioritize risks using a risk matrix |
| Understanding the content of a risk management plan |
Intended audience
CIO or IT department manager. Information system security manager (RSSI). IT project manager in charge of security projects.
Prerequisites
Basic knowledge of information systems security.
Practical details
Case study
A case study will serve as a common thread running through the two days, covering the entire practical risk analysis method.
Teaching methods
Alternating theory, examples and practical exercises carried out by participants on the basis of the case study at the end of each theme.
Course schedule
1 The notion of risk in information security
- Probability and likelihood.
- Impacts on IS and business.
- Quantifying the level of severity.
- Types of risk.
- Risk-based management. Principles. The benefits.
Hands-on work
Questionnaire on IS risks and risk management.
2 Identifying information assets
- Take inventory of assets: information and its media (primary, secondary).
- The organization in place, the scope to be covered.
- DICT classification.
- Interest and method.
Case study
Inventory and classification of information and its media.
3 Risk analysis
- Identification of threats and vulnerabilities.
- Risk assessment.
- Prioritization: the risk matrix, the notion of scenario.
Hands-on work
Identify and prioritize risks using the matrix.
4 Useful methods
- French methods: EBIOS, MEHARI.
- International methods: OCTAVE.
- The benefits, advantages and drawbacks of each method.
- The right choice of method and customization.
Hands-on work
Group brainstorming on selection criteria and the advantages and disadvantages of different methods.
5 Standards
- Various standards useful for risk analysis.
- The 27001 risk analysis approach.
- The PDCA approach (Plan - Do - Check - Act).
- The contributions of ISO 27002, BS25999 and ISO 31000.
Hands-on work
Examples of standard application.
6 Building a risk management plan
- Range of actions: prevention, protection, risk transfer, outsourcing, insurance.
- Build a risk treatment plan based on the risk matrix and other sources (audits, etc.).
- What the plan contains: objectives and measures, progress and quality indicators.
- Residual risks.
- Management and use of risk management plans.
Case study
Drawing up a risk management plan.
Customer reviews
4,5 / 5
Customer reviews are based on end-of-course evaluations. The score is calculated from all evaluations within the past year. Only reviews with a textual comment are displayed.
JEAN-FRANCOIS C.
20/11/25
5 / 5
The subject is very interesting and is covered clearly and comprehensively. Thanks to Jamal for his regular summaries, which really help.
JIHAD H.
20/11/25
4 / 5
the content is rich, if I have one improvement it's that the trainer doesn't play timekeeper sometimes the time dedicated to the preparation of a question is too long, for me it's important to propose a time for each question (e.g. you have 5 min) ...etc.
OLIVIER S.
20/11/25
5 / 5
CLEAR
PARTICIPANTS
CIO or IT department manager. Information system security manager (RSSI). IT project manager in charge of security projects.
PREREQUISITES
Basic knowledge of information systems security.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
CIO or IT department manager. Information system security manager (RSSI). IT project manager in charge of security projects.
PREREQUISITES
Basic knowledge of information systems security.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Dernières places
Date garantie en présentiel ou à distance
Session garantie