Work in progress

This Map of Content is meant to be expanded over time as learning notes on EBIOS RM, the CISSP certification and system dynamics get written up.

EBIOS RM : the French risk assessment methodology.

As a French citizen pivoting to GRC, EBIOS RM and ISO 27K are both must-learn topics. Since the methodology is already well defined and structured, the following note is aimed at internalizing each step and concept. This is done by rephrasing, summing up or elaborating on topics of interest regarding EBIOS RM.

NIS2 ; DORA : compliance in the European Union.

After working my way through EBIOS RM and ISO, the next steps in sight are the NIS2 directive and DORA. Most companies are looking to comply with NIS2, while financial entities must also work their way through DORA. Understanding both will be mandatory for GRC competency in the future. A dedicated note on NIS2 and DORA is coming during the summer.

CISSP : Understanding cybersecurity stakes and management.

As the mid- to long-term objective is to build solid knowledge of the cybersecurity big picture, the CISSP seems a good fit for managerial and organisational skills. Although ISO/IEC 27001 Lead Auditor and ISO/IEC 27001 Lead Implementer are both valuable certifications for now, I would rather focus on this one for learning purposes. A walkthrough note is on the way as I continue to work through the learning process up to the exam.

System Dynamics and GRC

Here comes the most interesting part, something novel (I hope). As I look forward to a deep dive into system dynamics, my objective for 2027 is to find out how effectively the system dynamics approach can be applied to assess a security posture, anticipate events tied to risks and inform both implementation and strategic choices. Some papers already discuss this very topic, but I intend to get my hands dirty through practical application of these concepts.