Cybersecurity & Risk Management

3-Day Intensive Course for IT Professionals, Managers & Risk Analysts
3 Intense Days
7 Hours per Day (Split into two 3.5-hour sessions)

Learning Path Visual

From understanding threats to managing enterprise risk like a pro:

Day 1: Cybersecurity Foundations & Threat Landscape
Explore core cybersecurity concepts, current threat trends, and types of attacks (malware, phishing, ransomware, APTs). Learn how vulnerabilities arise and how threat actors exploit them. Understand the role of governance in prevention.

Day 2: Risk Assessment & Mitigation Strategies
Learn how to identify, classify, and prioritize cyber risks. Explore the risk management lifecycle: threat identification, impact analysis, likelihood estimation, controls, and mitigation strategies. Work with common frameworks (ISO 27005, NIST RMF).

Day 3: Governance, Compliance & Building a Security Culture
Dive into key regulations (GDPR, HIPAA, ISO 27001, PCI-DSS) and corporate governance. Learn how to develop security policies, lead awareness programs, and embed cybersecurity into corporate risk management practices.

Course Overview

Cybersecurity is no longer just an IT issue — it’s a critical business risk. This course provides professionals with a solid foundation in cyber threats, risk frameworks, and enterprise-level mitigation strategies. It bridges technical knowledge with risk governance, helping teams build a defensible security posture.

You’ll learn how to:

• Identify and understand major cyber threats and attack types

• Map vulnerabilities to business risk

• Conduct a cybersecurity risk assessment using industry standards

• Define mitigation strategies and implement layered defenses

• Navigate regulatory frameworks and ensure compliance

• Develop governance strategies and foster a security-aware culture

What’s Inside Each Day

Day 1 — Cybersecurity Foundations & Threat Landscape

• Cybersecurity principles: CIA triad, zero trust, defense in depth

• Threat actors: insiders, criminal groups, hacktivists, nation-states

• Common attacks: phishing, malware, ransomware, supply chain, DDoS

• Case study: major breaches and what went wrong

• Workshop: Identify vulnerabilities in a fictional company
  Toolkit: Threat matrix builder + terminology guide
  Focus: Awareness • Threat Analysis • Vulnerability Mapping

Day 2 — Risk Assessment & Mitigation Strategies

• Introduction to risk management in cybersecurity

• Risk = Threat x Vulnerability x Impact model

• Overview of frameworks: NIST, ISO 27005, FAIR

• Controls: technical, administrative, physical

• Workshop: Build a basic risk register and control plan
  Toolkit: Risk scoring template + mitigation map
  Focus: Risk Management • Control Design • Prioritization

Day 3 — Governance, Compliance & Building a Security Culture

• Overview of compliance standards: GDPR, HIPAA, ISO 27001, SOC 2

• Security policies and incident response planning

• Cyber insurance and third-party/vendor risk

• Creating a cybersecurity awareness program

• Workshop: Create a compliance checklist for a target industry
  Toolkit: Governance policy pack + awareness campaign builder
  Focus: Compliance • Culture • Enterprise Integration

Course Goals

By the end of this course, you’ll be able to:

• Analyze and describe major cybersecurity threats

• Conduct and document risk assessments aligned with industry standards

• Recommend layered mitigation strategies

• Develop basic cybersecurity governance documents

• Foster organizational security awareness

• Collaborate across IT, legal, and business teams for cyber risk management

Who Should Take This Course?

• IT professionals expanding into risk and security roles

• Compliance officers or GRC analysts

• Managers responsible for enterprise risk or vendor selection

• Security consultants, auditors, and students in cybersecurity programs

• Teams preparing for ISO 27001 or SOC 2 audits

Class Reference: INF-070/
Form Updated on: 06/19/2025 (Version 1)
Last Modified on: 06/19/2025

Program Note
Participants will receive downloadable templates for interview planning, competency maps, scorecards, behavioral questions, and a complete post-interview decision-making toolkit.

Brief pédagogique en français

INF-070/ Cybersécurité & Gestion des risques est présenté ici en version synthétique française afin que les équipes pédagogiques puissent évaluer rapidement l'intérêt du module.

Le module s'inscrit dans la famille IT et gestion de projet. Il peut être adapté au calendrier de l'école, au niveau Tous niveaux, au volume horaire 3 jours et aux modalités d'évaluation prévues.

Objectif d'intervention

Ce module vise à donner aux étudiants le langage et les repères nécessaires pour expliquer des systèmes IT.

Livrables et activités possibles

• description de systèmes, incidents, risques ou architectures
• dialogues de support, reporting technique et documentation courte
• présentations ou dossiers alignés avec le niveau de la promotion

Adaptation école

LC peut ajuster le déroulé, la langue d'enseignement, les supports, les exercices et les critères d'évaluation selon la promotion, le diplôme, le niveau d'autonomie attendu et les contraintes de planning.

Pour une version détaillée du syllabus en français, LC confirme le programme final après cadrage du niveau, des heures, du calendrier et des livrables attendus.