1. Home › 
  2. › 
  3. Cybersecurity for Risk Managers

Cybersecurity for Risk Managers

I register my interest

The goal of this course is to:


Level Expert
Learning format Classroom training

Total price *

Members: € 570
Non-members: € 685
Partners/ BZB: € 570
Incompany: tailor-made, prices on request

* Are you entitled to an allowance or subsidy?
* Price: service in the context of continuing professional training, exempt from VAT

Please let us know you're interested in this training should there be no date available, the planned date does not suit you and/or this session is full. As soon as about 5 people are registered on the interest list, we will propose a new course date. Your registration on the interest list is free of charge and without any obligation.

I register my interest

Target group

The training course can be followed by junior risk managers, internal and external auditors, treasurers and corporate financial professionals.

Required prior knowledge

Expert level training: this training requires thorough prior knowledge of the subject.



  • Introduction
    • Review of key threats for the financial sector, based on industry reports and incidents made public.
  • Cyber war game
    • We will apply the concepts explained previously to a specific scenario, which participants will need to solve in a crisis management game. The scenario features a realistic attack. Round after round, participants (which each have to take on a defined management role) act as the executive committee of the company and must process the information received and make the decisions, hoping that these will help control the attack and minimize business impact. At the end of the game, an explanation of the attack and the related mechanisms is given, and a brief summary of the counter measures that are recommended is provided – so that participants gain a concrete set of examples of how security controls can juggle an attack.​
  • Information Security Compliance landscape for the Financial Sector
    • Introduction to the different external compliancy requirements for the Financial sector as well as tips & tricks on how to ensure (internal) compliance. We will also touch upon the impact of the EBA guidelines, the GDPR and the NIS on Cybersecurity.
  • Risk Assessment for Cybersecurity
    • Starting from the ISO27005 framework, we will introduce a typical methodology for information security risk assessments, as well as briefly touch upon other known methodologies.
    • We will complement this theoretical introduction with two examples of risk assessment methodologies, one for a web application, and another for a third party supplier. There, we will introduce key security frameworks available to the risk manager to design an approach that addresses state of the art security controls exhaustively (e.g. ISO27002, CSA questionnaire, …) or select key controls to address most prominent risk areas (e.g. 20 critical security controls).
  • Integrate Information Security into Operational Risk Management
    • This session will focus on how to integrate Information Security in the overall Operational Risk Management process, from a methodology and governance point of view.


  • Duration: 1 day of training (6 class hours)
  • Hours: 09:00 to 17:00
  • Location: Febelfin Academy: Phoenix building, Koning Albert II-laan/Boulevard du Roi Albert II 19, 1210 Brussels
  • Language: This training will be given in English


You follow a ‘Classroom training’ face-to-face in a group. You, the other participants and the teacher are all present in the same classroom at an agreed time. There is an opportunity for interaction and feedback, both from the participants to the teacher and vice versa. The teaching material consists as a basis of a presentation via the MyFA learning platform, supplemented with various other items (such as digital syllabus, presentation, audiovisual fragments, etc.).

Training material: PowerPoint presentation


Niels Torisaen
Risk, finance & treasury
Compliance & audit

Vincent Defrenne
Risk, finance & treasury