Added the next training details.

Author: ruslanbaidan

.github/workflows/latex.yml

@@ -73,6 +73,12 @@ jobs:
           working_directory: 20240918
           root_file: 20240918_MONARC-training.tex
 
+      - name: Compile LaTeX document
+        uses: xu-cheng/latex-action@master
+        with:
+          working_directory: 20241206
+          root_file: 20241206_MONARC-training.tex
+
       - run: mkdir -p artifact
       - run: mv 20200212/20200212_MONARC-training.pdf artifact/
 
@@ -102,9 +108,9 @@ jobs:
 
       - run: mkdir -p artifact
       - run: mv 20231206/20231206_MONARC-training.pdf artifact/
-      
+
       - run: mkdir -p artifact
-      - run: mv 20240918/20240918_MONARC-training.pdf artifact/
+      - run: mv 20241206/20241206_MONARC-training.pdf artifact/
 
       - uses: actions/upload-artifact@v4
         with:

20241206/1-introduction/introduction.tex

@@ -0,0 +1,108 @@
+%
+% SECTION: Luxembourg House of Cybersecurity
+%
+\section*{Who we are - Our history}
+\begin{frame}
+%   \frametitle{Luxembourg House of Cybersecurity / Our history}
+  \begin{center}
+    \begin{itemize}
+      \item 2003: Cyberworld Awareness and Security Enhancement Services (\textbf{CASES});
+      \item 2007: Computer Incident Response Center Luxembourg (\textbf{CIRCL});
+      \item 2010: SECURITYMADEIN.LU is a \textit{GIE} (Groupement d’Intérêt Économique). CIRCL and CASES are department of SECURITYMADEIN.LU;
+      \item 2017: Cyber security Competence Center (\textbf{C3}), a new department of SECURITYMADEIN.LU;
+      \item On 17th Oct. 2022: SECURITYMADEIN.LU transformed into the Luxembourg House of Cybersecurity (\textbf{LHC})\\
+        CASES and C3 are now the National Cybersecurity Competence Centre of Luxembourg (\textbf{NC3})
+    \end{itemize}
+  \end{center}
+  CASES was an initiative of the Ministry of Economy after the worm
+  \textit{I love you} decimated more than 3 millions computers in less than a week.
+\end{frame}
+
+% \begin{frame}
+%   \frametitle{CASES}
+%   \framesubtitle{}
+%   \begin{block}{Mission}
+%     Foster cyber security by supporting Luxembourg administrations and SMEs.
+%   \end{block}
+%
+%   \begin{block}{Services}
+%     \begin{center}
+%       \begin{itemize}
+%         \item \textbf{Awareness}: publications of articles and videos;
+%         \item \textbf{Trainings}:
+%         introduction to cyber security for different audiences;
+%         \item \textbf{Software}:
+%         MONARC, MOSP, Fit4Cybersecurity, etc.
+%       \end{itemize}
+%     \end{center}
+%   \end{block}
+%
+%   \begin{block}{Cooperations}
+%     ANSSI-LU,
+%     Centre for Cyber Security Belgium, KonzeptAcht GmbH, ILR, GRC-Luxembourg and others.
+%   \end{block}
+% \end{frame}
+
+% --------- Summary ---------
+\setcounter{tocdepth}{1}
+\begin{frame}
+  \frametitle{Content at glance}
+  \tableofcontents
+\end{frame}
+\setcounter{tocdepth}{4}
+% ----------------------------
+
+%
+% SECTION: What is MONARC?
+%
+\section{What is MONARC?}
+\begin{frame}
+  \frametitle{Summary}
+  \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+\subsection{An open source software}
+\begin{frame}
+  \frametitle{An open source software}
+  \framesubtitle{}
+  MONARC is the tool you need for an optimised, precise and repeatable risk assessment.
+
+  \bigskip
+  \begin{itemize}
+    \item Web application (SaaS, self-hosted, virtual machine, etc.);
+    \item source code\footnote{\url{https://github.com/monarc-project}}:
+    \texttt{GNU Affero General Public License version 3};
+    \item data: \texttt{CC0 1.0 Universal - Public Domain Dedication}.
+  \end{itemize}
+
+  \bigskip
+  MONARC is easy to use.
+
+  Used and recognized by experts from different fields (not only information security).
+
+  \bigskip
+  For many users, it started with a spreadsheet!
+\end{frame}
+
+\subsection{A community}
+\begin{frame}
+  \frametitle{A community}
+  \framesubtitle{}
+  \begin{itemize}
+    \item more than 300 organizations:\\ \url{https://my.monarc.lu};
+    \item 17 organizations sharing MONARC objects (threats, assets, recommendations, etc.):\\
+    \url{https://objects.monarc.lu};
+    \item a global dashboard with trends about threats and vulnerabilitties:\\
+    \url{https://dashboard.monarc.lu};
+    \item discussions on GitHub:\\
+    \url{https://github.com/monarc-project/MonarcAppFO/discussions}.
+  \end{itemize}
+\end{frame}
+
+\subsection{A method}
+\begin{frame}
+  \frametitle{A method}
+  \framesubtitle{Based on \texttt{ISO/IEC 27005:2011}, but optimized}
+  \begin{center}
+    \includegraphics[scale=0.6]{../common_pictures/iso27005-2011.png}
+  \end{center}
+\end{frame}

20241206/2-method/method.tex

@@ -0,0 +1,144 @@
+
+%
+% SECTION: The method
+%
+\section{The method}
+\begin{frame}
+  \frametitle{Summary}
+  \tableofcontents[currentsection, hideothersubsections]
+\end{frame}
+
+
+\subsection{Management of risk}
+\begin{frame}
+  \frametitle{A Structured, Iterative and Qualitative method}
+  \framesubtitle{}
+  \begin{columns}[t]
+    \begin{column}{5.5cm}
+      \begin{figure}
+        \includegraphics[width=5.5cm]{../common_pictures/MONARC-method-1.png}
+      \end{figure}
+    \end{column}
+    \begin{column}{6.5cm}
+      \begin{itemize}
+        \item Structured: 1, 2, ..., n.
+        \item Iterative: \textbf{Plan}, \textbf{Do}, \textbf{Check}, \textbf{Act}
+        \item Qualitative: \textbf{Values} / \textbf{Consequence}
+        \begin{itemize}
+          \item Impact/Consequence, Threat, Vulnerability;
+          \item \textbf{r}eputation, image;
+          \item \textbf{o}peration;
+          \item \textbf{l}egal;
+          \item \textbf{f}inancial;
+          \item \textbf{p}erson (to the).
+        \end{itemize}
+        Possibility to define custom scales for operational risks.
+      \end{itemize}
+    \end{column}
+  \end{columns}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Automated and simplified management}
+  \framesubtitle{Method based on \texttt{ISO/IEC 27005}}
+  \begin{center}
+    \includegraphics[scale=0.45]{../common_pictures/MONARC-method-2-2.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Automated and simplified management}
+  \framesubtitle{Sub-stages provided by the method are also in line with \texttt{ISO/IEC 27005}}
+  \begin{center}
+    \includegraphics[scale=0.4]{../common_pictures/MONARC-method-2-1.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \begin{block}{Information risks}
+    $$R = \textbf{I}mpact \times \textbf{T}hreat \times \textbf{V}ulnerability$$
+    \begin{itemize}
+      \item impact on \textbf{C}onfidentiality \textbf{I}ntegrity \textbf{A}vailability;
+      \item on secondary assets.
+    \end{itemize}
+  \end{block}
+
+  \begin{block}{Operational risks}
+    $$R = \textbf{I}mpact \times \textbf{P}robability$$
+    \begin{itemize}
+      \item impact by default on ROLFP (possibility to define custom scales);
+      \item on primary assets.
+    \end{itemize}
+  \end{block}
+\end{frame}
+
+
+
+\subsection{An optimized method}
+\begin{frame}
+  \frametitle{Optimizations}
+  \framesubtitle{}
+  MONARC is an optimized method:
+  \begin{itemize}
+    \item inheritance on objects;
+    \item scope of objects;
+    \item inheritance on impacts;
+    \item deliverables;
+    \item multiple dashboards and reporting possibilities.
+  \end{itemize}
+\end{frame}
+
+\subsubsection{Inheritance on objects}
+\begin{frame}
+  \frametitle{Inheritance on objects}
+  \framesubtitle{Modelling}
+  \begin{center}
+    \includegraphics[scale=0.45]{../common_pictures/MONARC-method-modelling.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Inheritance}
+  \framesubtitle{Formalisation of the modelling}
+  \begin{center}
+    \includegraphics[scale=0.5]{../common_pictures/MONARC-modelling-formalisation.png}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Inheritance}
+  \framesubtitle{Formalisation of an asset}
+  Example with \texttt{OV\_BATI}
+  \begin{center}
+    \includegraphics[scale=0.7]{../common_pictures/ov_bati.png}
+  \end{center}
+\end{frame}
+
+\subsubsection{Scope of objects}
+\begin{frame}
+  \frametitle{Scope of objects}
+  \framesubtitle{Global or local assets}
+  \begin{center}
+    \begin{center}
+      \includegraphics[scale=0.45]{../common_pictures/global-vs-local.png}
+    \end{center}
+  \end{center}
+\end{frame}
+
+\subsubsection{Inheritance on impacts}
+\begin{frame}
+  \frametitle{Inheritance on impacts}
+  \framesubtitle{}
+  \begin{center}
+    \begin{center}
+      \includegraphics[width=12cm]{./pictures/impacts-inheritance.png}
+    \end{center}
+  \end{center}
+\end{frame}
+
+\subsubsection{Deliverables}
+\begin{frame}
+  \frametitle{Deliverables}
+  \framesubtitle{}
+  Shareable and customised templates of deliverables.
+\end{frame}