CYBERSECURITY
INTERNET GOVERNANCE
NEW

Training : Cybersecurity for decision makers

Last updated on : 6th October 2025

Home > Products and services > Our training courses > Cybersecurity for decision makers

1 day
Présentiel/distanciel

Desired date :

Rate : €1,000 excl. tax per participant (Inter-company format) or €3,000 excl. tax (from 3 participants up to a maximum of 8 participants - Intra-company format)

Cyber-attacks and vulnerabilities are no longer just a technical matter: senior executives have direct responsibility for them and they require the committed involvement of all managers. This one-day training session gives participants an understanding of the stakes actually involved, the legal and regulatory obligations and each person’s role in the governance of security. It provides them with the necessary markers to be able to steer, change course and integrate cybersecurity in their organisation’s strategy without acting as a drag on its activity.

Description and teaching objectives of the training programme

This training course will enable you to:

explain the main cyber-threats (malware, network attacks, social engineering, etc.) and their impacts on your organisation;
identify your organisation’s vulnerabilities and weak points by mapping the risks and critical digital assets;
implement good practices and cyber hygiene rules to reduce the risk of attacks;
assess your organisation’s cybersecurity maturity and propose paths for improvement based on the ISMS approach and the PDCA cycle.

Duration

1 day

Target audience

CIO, Infrastructure and IT Security Manager
Managers of VSEs/SMEs with no CIO or IT Security Manager
IT managers in VSEs/SMEs or local and regional authorities (town halls, departmental councils, departments, etc.)
Cybersecurity and infrastructure consultants in VSEs/SMEs

Prerequisites

No technical prerequisites. The training session is intended for decision makers or managers with a general understanding of their digital environment wishing to structure a cybersecurity system without technical expertise.

Trainers

Lotfi Benyelles, Head of Consulting and Training at Afnic
Richard Coffre, Project Manager at Afnic
Régis Massé, Director of Information Systems and Chief Technical Officer at Afnic

Training location

The training will be delivered online using our video-conference tool.

A connection link will be sent to you once your registration has been completed.

Assessment

Final assessment of the training course will be in the form of a multiple-choice questionnaire.

Cost

Inter-company format: €1,000 excl. tax per participant

Intra-company format: €3,000 excl. tax (from 3 participants up to a maximum of 8 participants)

If you wish several persons from your organisation to be trained in inter-company format, or if you would like us to design a tailor-made training session in accordance with your needs and projects, contact us so that we can make a quotation.

Booking details

Bookings are possible up to 5 working days prior to the session.

View training program

Morning: Understanding cyber-threats

9:00 – 9:30 a.m. | Welcome and introduction

Presentation of the training course objectives
Round robin: participants’ expectations and levels of knowledge
Cybersecurity today, in context

9:30 – 10:30 a.m. | Part 1: Overview of threats and types of attack

Current types of threats
Malware attacks (ransomware, spyware, keyloggers)
Social engineering (phishing, vishing, smishing, quishing, whaling)
Network attacks (MitM, DDoS, sniffing)
Exploitation of vulnerabilities (zero-day attacks, SQL injection, XSS attacks, exploitation of security misconfigurations)
Attacks on identities and accounts (credential stuffing, brute force, password spraying)
Attacks on the supply chain
Threat status according to ANSSI, the French cybersecurity agency
Map of attacks in local authorities and public administrations
Case study (M6, FRANCE 5, Casino) and interactive exchanges

10:45 a.m. – 12:00 noon | Part 2: The basics of cybersecurity

What’s at stake in security: availability, confidentiality, integrity, traceability
Stakeholders’ expectations and what’s at stake in cybersecurity. Retranslating them into security terms (availability, confidentiality, integrity, traceability)
Mapping of digital assets and the digital ecosystem (asset mapping template)
Cyber hygiene rules (10 good practices)
Risk-based approach (RBA)
Construction of a risk management model appropriate to your organisation (EBIOS RM, the method published by ANSSI with the support of Club EBIOS.)
Risk assessment
Application to business cases

Afternoon: Implementing a strategy of protection and continuous improvement

1:00 – 1:30 p.m. – Practical workshop: Identifying vulnerabilities in an imaginary scenario

1:30 – 3:15 p.m. | Part 3: ISMS approach and continuous improvement

Implementing a proactive risk management system
Integrating the risk-based approach (risk reduction, risk mitigation plan)
Bases of an Information Security Management System (ISMS)
Continuous improvement and PDCA
Increasing cybersecurity maturity
Turning cybersecurity into a strategic advantage
Case study: Draw up a protection strategy for a VSE/SME

3:30 – 4:45 p.m. | Part 4: Action plan and implementation

The regulatory landscape
ISO 27001 standard
Introduction to the NIS and NIS 2 directives
Presentation of the draft law on resilience
Drawing up a customised action plan
Identifying the priority actions for your business
Establishing an awareness-raising plan for your employees
Open discussion: challenges and feedback on participants’ experience

4:45 – 5:00 p.m. | Part 5: Conclusion and evaluation

Closure and distribution of teaching materials

DIRECCTE declaration number: 11788446878

1 day
Présentiel/distanciel

Desired date :

Rate : €1,000 excl. tax per participant (Inter-company format) or €3,000 excl. tax (from 3 participants up to a maximum of 8 participants - Intra-company format)

PDF format

Need further information on tailoring a training course to your needs?

Tailor-made training

Our experts can adapt to your needs and devise a custom training course. For group enrolment, please contact us for a custom quotation.

Specific arrangements

Afnic places great importance on inclusion of people with a disability. If you require any specific arrangements, please contact us before registering to discuss your proposal (programme, adapted materials, specific needs in terms of accessibility or organisation, etc.)

Certification

Afnic is QUALIOPI® certified as a training organisation.

View our Qualiopi certificat (PDF 141 Ko)

Other training courses you may be interested in

DNS
CYBERSECURITY

Securing your DNS infrastructure with DNSSEC

The DNS is a strategic infrastructure, since all internet services for companies, associations and public organisations depend on it. Implementing DNSSEC allows you to secure this key infrastructure.

2 days
Distanciel
Next session: From 20th November to 21st November 2025

DNS
CYBERSECURITY

Securing your email thanks to the DNS with DKIM, DMARC, SPF

Email is currently a medium much favoured by scammers: spam, phishing and various other scams. DKIM, DMARC and SPF are three sender authentication techniques currently found in the toolbox of organisations seeking to combat these forms of online abuse.

2 days
Distanciel
Next session: From 9th October to 10th October 2025

DOMAIN NAME

Managing and securing a portfolio of domain names – Key Accounts

A portfolio of domain names is an invaluable asset for an organisation. And yet in many cases it is the result of several decades of acquisitions carried out haphazardly, with no unified standards and with no one in charge. The risks entailed by this scattered approach are numerous: uncontrolled costs, poor online brand protection, endangering the information system, damage to the brand image, etc. It is nowadays essential to put in place a pertinent and effective domain names policy in order to protect your digital territory and your brand in the broader sense.

2 days
Distanciel
Next session: No date for the moment