MEHARI

  

 
 
View training schedule

MEHARI (3 days)

This 3 days course is designed to help analysts perform information security risk assessments using the MEHARI method (“MEthode Harmonisée d'Analyse de RIsques”, or harmonized risk analysis method), which was developed by the Club de la Securité de l’Information Français (CLUSIF). Through lectures, exercises, demonstrations and discussions, the participants will be able to manage and control information security risks, to evaluate them and to develop risk mitigation plans in accordance with company’s strategic objectives, administration, technologies and organization elements.

Curriculum

Day 1 : Secutity stake analysis and classification

  • Introduction
  • Security stakes analysis and classification
    • Overview of process
    • Malfunction value scale
    • Resources classification

Day 2 : Vulnerabilities evaluation

  • Security services evaluation or vulnerabilities evaluation
    • Quality of security services
    • Evaluating security service quality
    • The audit process

Day 3 : Risk analysis

  • Risk analysis
    • Evaluation of risk situation
    • Quantitative analysis of risk situation
    • Identification of risk situations
    • Evaluation of project risk
  • Security plans and uses of MEHARI
  • MEHARI tools
  • Conclusion

 

Prerequisites :

  • None

General information :

  • Maximum number of students: 12
  • All the necessary course material, include the MEHARI documentation, will be provided to participants.
  • A certificate of attendance will be given to participants
Please note that this course is only offered in French.