
Module 2: Governance, risk management and compliance

  • School / Prep

    ENSEIRB-MATMECA

Internal code

EC9IT312

Objectives

Master GRC concepts, based on standards, methodologies and regulations.


Teaching hours

  • CI (Integrated Courses): 24h

Syllabus

 ISO 27001 and 27002, ISMS, NIS, LPM, EBIOS, etc.


Further information

Governance, risk management and compliance


Target skills

This module is part of Activity 1 (A1): Governance and risk management in cybersecurity.

Task 1 (A1T1): Develop and manage the cybersecurity governance strategy

- A1T1C1: Define an information systems security policy (ISSP) aligned with standards and regulations (ISO 27001, GDPR, NIS2).

- A1T1C2: Oversee the implementation of a governance framework to monitor and evaluate progress in cybersecurity.

- A1T1C3: Set up and coordinate steering committees or bodies to optimize cybersecurity performance indicators.

Task 2 (A1T2): Identify and analyze cybersecurity risks

- A1T2C1: Use recognized methodologies, such as EBIOS or ISO 27005, to carry out risk analyses.

- A1T2C2: Assess threats specific to the organization and their potential impact on information systems.

- A1T2C3: Write analysis reports including operational recommendations to mitigate risks.

Task 3 (A1T3): Oversee the implementation of risk management

- A1T3C1: Manage risks in coordination with technical teams.

- A1T3C2: Conduct internal or external audits to assess compliance and effectiveness of measures.

- A1T3C3: Implement appropriate corrective and reactive measures.

- A1T3C4: Maintain a proactive watch on emerging threats and technological and regulatory developments.

Task 4 (A1T4): Manage a cybersecurity crisis

- A1T4C1: Coordinate a crisis unit by defining roles, responsibilities and action plans to limit the impact of a cybersecurity incident.

- A1T4C2: Implement and monitor a cyber crisis management plan, including internal and external communications (crisis communications).

- A1T4C3: Analyze the post-crisis incident to identify flaws, root causes and propose improvements to strengthen resilience.

- A1T4C4: Lead and coordinate crisis management exercises to test teams' ability to respond to cybersecurity incidents.

 


Assessment of knowledge

Initial assessment / Main session - Tests

Type of assessment | Type of test | Duration (in minutes) | Number of tests | Test coefficient | Eliminatory mark in the test | Remarks
Continuous control | Continuous control | 1

Second chance / Catch-up session - Tests

Type of assessment | Type of test | Duration (in minutes) | Number of tests | Test coefficient | Eliminatory mark in the test | Remarks
Final test | Oral | 30 | 1