EBIOS Risk Manager – The method
EBIOS Risk Manager (EBIOS RM) is the method for assessing and treating digital risks, published by National Cybersecurity Agency of France (ANSSI) with the support of Club EBIOS. It provides a toolbox that can be adapted, of which the use varies according to the objective of the project. EBIOS Risk Manager is compatible with the reference standards in effect, in terms of risk management as well as in terms of cybersecurity.
EBIOS RM makes it possible to assess digital risks and identify the security measures to be taken in order to control them. It also makes it possible to validate the acceptable level of risk and to carry on in the longer term in a continuous improvement approach. Finally, this method makes it possible to bring about resources and arguments that are useful for communication and decision-making within the organisation and with regards to its partners.
The EBIOS RM method can be used for several purposes:
- setting up or reinforcing a management process of the digital risk within an organisation;
- assess and treat the risks relating to a digital project, in particular with the aim of a security accreditation;
- define the level of security to be achieved for a product or service according to its use cases and the risks to be countered, in the perspective of a certification or accreditation for example.
It applies to public as well as private organizations, regardless of their size, their sector of activity and whether their information systems are being developed or already exist.
An iterative approach
The EBIOS Risk Manager method adopts an approach to the management of the digital risk starting from the highest level (major missions of the studied object) to progressively reach the business and technical functions, by studying possible risk scenarios.
It aims to obtain a synthesis between "conformity" and "scenarios", by positioning these two complementary approaches where they provide the highest value added.
Going Further - Methodological sheets
In addition to the EBIOS Risk Manager guide, "method sheets" have been created to help users conduct each workshop described in the guide.
Designed as pedagogical support tools, these method sheets are regularly updated.