Digital Risk Management

To support the digital transformation and its actors in the quest for more security, ANSSI develops a doctrine which it evolves with agility, to go beyond the technical approach alone, and to encourage the creation and implementation of comprehensive, adapted and integrated digital risk management policies at the highest level of organizations.

Published 11 August 2022. Updated 13 November 2023.

For many years, organizations have implemented IT risk management based on the security of their information systems alone. This was based on criteria such as confidentiality, integrity and availability and applied mainly to transversal or support activities.

With the digital transformation of all actors in society and their increasing interconnection, IT risk management has gradually evolved within organizations towards a global management of digital risk. In view of the technological, economic and even geopolitical contexts, this risk is a growing concern for all organizations’ activities.

A collective approach, managed at the highest level

With the increase of digital risk and its propensity to spread to all of the organisation’s activities, managers must define new risk acceptance thresholds (risk appetite) with the boards and the business teams. These risks are not limited to the organization alone; they also concern the stakeholders of the value chain, with whom they shall be shared.

How to get started

You are convinced of the need to properly address digital risk within your organization, but don’t know where to start? We have what you need!

The approach described in this guide has been developed by ANSSI and AMRAE. It builds on the experience of the principal actors involved in digital risk control.

In 15 steps, this reference work supports public or private organisations of all sizes through a process that involves strategic, economic and reputational issues. Tomorrow, the responsible and trusted organization will be able to control digital risk. That said, leaders have to understand it, implement the appropriate actions and learn to value this investment.

EBIOS Risk Manager – The method for Risk Analysis

As the powerful engine of the Digital Risk Management approach, EBIOS Risk Manager (EBIOS RM) is the method for assessing and treating digital risks, published by the French National Cybersecurity Agency (ANSSI) with the support of Club EBIOS.

It provides an adaptable toolbox whose use varies according to the objective of the project. EBIOS Risk Manager is compatible with the reference standards in effect, in terms of risk management as well as in terms of cybersecurity.