The productions related to EBIOS

1. Risk management in general | 2. Cybersecurity implementation | 3. Privacy implementation

In a spirit of sharing and reuse, the productions that are the exclusive property of their authors are, unless otherwise specified and subject to the intellectual property rights of third parties, made available under the terms of the following license:

CC BY

Risk management in general

Standards

  • ISO 31000 – Risk management
    This international standard defines the vocabulary and the principles which must be respected by any risk management approach, whatever its field of application. > See the standard (paying)

Methods

  • EBIOS Generic Approach
    This guide is the EBIOS* generic approach. It provides a common base to any sector-specific breakdown. Initially designed for information security, EBIOS can be employed in all fields using the appropriate techniques and knowledge bases. EBIOS allows us to assess and treat risks. It also supplies all the information required for communication within the organization and ...

Q&A

Cybersecurity implementation

Standards

Methods

  • The ANSSI’s method: EBIOS Risk Manager
    EBIOS, the French reference method, helps organizations to identify and understand their own digital risks. It allows determining security controls that suit the threat and setting up the monitoring and continuous improvement framework following a risk analysis shared at the highest level. On the ANSSI website: EBIOS Risk Manager. Listen to the podcast with Fabien CAPARROS ...

Q&A

Tools

  • ALL4TEC: Agile Risk Manager
    Collaborate efficiently for your EBIOS Risk Manager analyses! From the EBIOS Risk Manager method to its agile and collaborative application. Agile Risk Manager is designed to support you in the implementation of risk analysis using the EBIOS Risk Manager method. Take advantage of the strength of an adapted tool to focus on the fundamental values highlighted by ...

Articles, interviews, videos, academic research

Workshop 1 – Scope and security baseline

Q&A

Alternative techniques

  • A Privacy Baseline
    The following document can be used for determining the baseline of Workshop 1 of EBIOS Risk Manager, when the scope of the study is a processing of personal data: > Download. It constitutes a declaration of applicability relating to the fundamental principles related to the protection of privacy. The other Workshops of the study make it possible ...

Workshop 2 – Risk origins

Workshop 3 – Strategic scenarios

Workshop 4 – Operational scenarios

Workshop 5 – Risk treatment

Privacy implementation

Standards

Methods

  • The CNIL’s PIA Guides
    The CNIL’s PIA Guides have been updated to provide a tool for the General Data Protection Regulation (GDPR). The methodological approach is a privacy-specific instantiation of the EBIOS toolbox. It makes it possible to build and demonstrate the compliance of a processing of personal data with the GDPR. The guides (the methodology, the templates and the knowledge bases) are provided ...

Tools

  • The CNIL’s PIA Tool
    The open source PIA software helps to carry out data protection impact assessments. The PIA software aims to help data controllers build and demonstrate compliance with the GDPR. The tool is available in French and in English (and many other languages). It facilitates carrying out a data protection impact assessment. This tool also intends to ease ...

Alternative techniques

  • A Privacy Baseline
    The following document can be used for determining the baseline of Workshop 1 of EBIOS Risk Manager, when the scope of the study is a processing of personal data: > Download. It constitutes a declaration of applicability relating to the fundamental principles related to the protection of privacy. The other Workshops of the study make it possible ...

Guidance

  • How to use EBIOS Risk Manager to conduct a PIA?
    For all those who wish to use EBIOS Risk Manager to conduct a PIA (Privacy Impact Assessment, commonly, or Data Protection Impact Assessment – DPIA, in the specific context of Article 35 of the GDPR), here is an infographic which summarizes the approach: Broadly speaking, information security / cybersecurity and privacy are both about data protection. The ...

EBIOS on the web