This guide is the EBIOS* generic approach. It provides a common base to any sector-specific breakdown. Initially designed for information security, EBIOS can be employed in all fields using the appropriate techniques and knowledge bases.
EBIOS allows us to assess and treat risks. It also supplies all the information required for communication within the organization and with its partners, and for validation of the way risks have been treated. It thus constitutes a complete risk management tool.
This is a real toolbox, from which we choose the actions to be implemented and the method of using them according to the objective of the study. It allows us to assess the risks using scenarios and to develop a coherent policy from them, based on concrete and assessable controls.
In a risk study, analyzed impacts highly rely on each stakeholder’s point of view. Starting from this understanding, this document push to take into account each actor considerations, in a “by design” logic, so that the product, system or service is accepted by everyone.
This document presents sectors in which tisk management plays a major role in order to enlight similarities and dissimilarities. Risk management is not only for information technology but concerns a growing amount of sectors that think about their survival and expansion strategies.
This memento provides with the concepts related to business continuity and their position in information security. Then, specific activities for business continuity are presented in 4 iterative steps. The referential, the organization and the associated tools are finally studied.