Course Description
Cyberattacks no longer make headlines only at large corporations. SMEs, hospitals, local authorities, law firms, every organisation is now a target. And in the vast majority of cases, it is not a technical flaw that causes the incident: it is a poorly informed human decision, an absent governance process, or a misunderstood regulatory obligation. This Cybersecurity & Information Risk Management course was designed for professionals who need to master cybersecurity in its regulatory, strategic and operational dimensions, without necessarily being engineers.
You will learn to assess and manage information risk using the EBIOS RM methodology, understand the obligations imposed by NIS2, GDPR, DORA and the CRA, and build governance architectures compliant with French and EU law.
Across 6 progressive modules, you will move from risk management to security strategy, from data protection to incident response, from regulatory compliance to cybersecurity leadership. By the end of this course, you will be able to speak with authority, act with method and protect your organisation effectively.
Why Information Risk Management Training Matters
In 2023, the average cost of a data breach in France reached €4.5 million.
NIS2, DORA, GDPR and the CRA directive impose new obligations and severe sanctions. Organisations that fail to train their teams expose themselves to significant legal, financial and reputational risks — and regulators are no longer lenient.
Where This Course Takes You
Master information risk with a proven methodology
You will be able to conduct a risk assessment using EBIOS RM, map your critical assets and build a risk treatment plan that is directly usable within your organisation.
Navigate the French and EU regulatory landscape
NIS2, GDPR, DORA, CRA — you will understand what each regulation concretely requires, who it applies to, and how to build lasting compliance without improvising.
Protect data and manage breaches confidently
You will be able to oversee a DPIA, manage a breach notification within 72 hours, and structure the governance of cross-border data transfers.
Speak cybersecurity at executive level
You will know how to quantify cyber risk in financial terms, build an executive dashboard and present a credible cybersecurity strategy to a management committee or board of directors.
Certification
Course Curriculum
6 sections3 Hours total length
Module 1 : Gestion des risques liés à l’information et EBIOS RM
- Intégration de la gouvernance des risques et du SMSI
- Méthodologie EBIOS Risk Manager
- Cartographie de l'évaluation et du contrôle des risques opérationnels
- Gestion des risques liés aux tiers et à la chaîne d'approvisionnement
Module 2 : Fondements juridiques de la cybersécurité en France et dans l'UE
- structure de gouvernance nationale française en matière de cybersécurité
- Directives et règlements de l'UE (NIS2, RGPD, DORA, CRA)
- Obligations sectorielles en matière de cybersécurité en France
- Responsabilité juridique, sanctions et mécanismes d'application
Module 3 : Ingénierie de la protection et de la confidentialité des données
- Mise en œuvre de la conformité au RGPD en France
- Évaluations d'impact relatives à la protection des données (EIPD)
- Notification des violations et rapports réglementaires
- Gouvernance des transferts transfrontaliers de données
Module 4 : Sécurité technique et architecture défensive
- architecture de sécurité des réseaux et des infrastructures
- Conformité de la sécurité des applications et du cloud
- gouvernance de la gestion des identités et des accès
- Gestion des incidents et des crises cybernétiques
Module 5 : Gouvernance, stratégie et impact économique
- Stratégie de cybersécurité et supervision exécutive
- Quantification des risques financiers et cyberassurance
- Paysage des menaces et protection des infrastructures critiques
- Éthique, souveraineté numérique et gouvernance de l'IA
Module 6 : Conformité, audit et amélioration continue
- Feuille de route de conformité et alignement réglementaire
- Gestion du cycle de vie des certifications et des audits
- Indicateurs, rapports et surveillance continue
- développement professionnel et leadership en cybersécurité