Training programme: Cybersecurity for decision makers

Cyber-attacks and vulnerabilities are no longer just a technical matter: senior executives have direct responsibility for them and they require the committed involvement of all managers. This one-day training session gives participants an understanding of the stakes actually involved, the legal and regulatory obligations and each person’s role in the governance of security. It provides them with the necessary markers to be able to steer, change course and integrate cybersecurity in their organisation’s strategy without acting as a drag on its activity.

Description and teaching objectives of the training programme

This training course will enable you to:

  • explain the main cyber-threats (malware, network attacks, social engineering, etc.) and their impacts on your organisation;
  • identify your organisation’s vulnerabilities and weak points by mapping the risks and critical digital assets;
  • implement good practices and cyber hygiene rules to reduce the risk of attacks;
  • assess your organisation’s cybersecurity maturity and propose paths for improvement based on the ISMS approach and the PDCA cycle.

Duration

1 day

Target audience

  • CIO, Infrastructure and IT Security Manager
  • Managers of VSEs/SMEs with no CIO or IT Security Manager
  • IT managers in VSEs/SMEs or local and regional authorities (town halls, departmental councils, departments, etc.)
  • Cybersecurity and infrastructure consultants in VSEs/SMEs

Prerequisites

No technical prerequisites. The training session is intended for decision makers or managers with a general understanding of their digital environment wishing to structure a cybersecurity system without technical expertise.

Trainers

Training location

The training will be delivered online using our video-conference tool.

A connection link will be sent to you once your registration has been completed.

Assessment

Final assessment of the training course will be in the form of a multiple-choice questionnaire.

Cost

Inter-company format: €1,000 excl. tax per participant

Intra-company format: €3,000 excl. tax (from 3 participants up to a maximum of 8 participants)

If you would like several people from your organisation to be trained in inter-company format, or if you would like us to design a tailor-made training session in accordance with your needs and projects, contact us so that we can prepare a quotation.

NDA DIRECCTE: 11788446878

Morning: Understanding cyber-threats

9:00 – 9:30 a.m. | Welcome and introduction

  • Presentation of the training course objectives
  • Round robin: participants’ expectations and levels of knowledge
  • Cybersecurity today, in context

9:30 – 10:30 a.m. | Part 1: Overview of threats and types of attack

  • Current types of threats
  • Malware attacks (ransomware, spyware, keyloggers)
  • Social engineering (phishing, vishing, smishing, quishing, whaling)
  • Network attacks (MitM, DDoS, sniffing)
  • Exploitation of vulnerabilities (zero-day attacks, SQL injection, XSS attacks, exploitation of security misconfigurations)
  • Attacks on identities and accounts (credential stuffing, brute force, password spraying)
  • Attacks on the supply chain
  • Threat status according to ANSSI, the French cybersecurity agency
  • Map of attacks in local authorities and public administrations
  • Case study (M6, FRANCE 5, Casino) and interactive exchanges

10:45 a.m. – 12:00 noon | Part 2: The basics of cybersecurity

  • What’s at stake in security: availability, confidentiality, integrity, traceability
  • Stakeholders’ expectations and what’s at stake in cybersecurity, and how to translate them into security terms (availability, confidentiality, integrity, traceability)
  • Mapping of digital assets and the digital ecosystem (asset mapping template)
  • Cyber hygiene rules (10 good practices)
  • Risk-based approach (RBA)
  • Construction of a risk management model appropriate to your organisation (EBIOS RM, the method published by ANSSI with the support of Club EBIOS)
  • Risk assessment
  • Application to business cases

Afternoon: Implementing a strategy of protection and continuous improvement

1:00 – 1:30 p.m. | Practical workshop: Identifying vulnerabilities in an imaginary scenario

1:30 – 3:15 p.m. | Part 3: ISMS approach and continuous improvement

  • Implementing a proactive risk management system
  • Integrating the risk-based approach (risk reduction, risk mitigation plan)
  • Bases of an Information Security Management System (ISMS)
  • Continuous improvement and PDCA
  • Increasing cybersecurity maturity
  • Turning cybersecurity into a strategic advantage
  • Case study: Draw up a protection strategy for a VSE/SME

3:30 – 4:45 p.m. | Part 4: Action plan and implementation

  • The regulatory landscape
  • ISO 27001 standard
  • Introduction to the NIS and NIS 2 directives
  • Presentation of the draft law on resilience
  • Drawing up a customised action plan
  • Identifying the priority actions for your business
  • Establishing an awareness-raising plan for your employees
  • Open discussion: challenges and feedback on participants’ experience

4:45 – 5:00 p.m. | Part 5: Conclusion and evaluation

  • Closure and distribution of teaching materials