For all those who wish to use EBIOS Risk Manager to conduct a PIA (Privacy Impact Assessment, commonly, or Data Protection Impact Assessment – DPIA, in the specific context of the Article 35 of GDPR), here is an infographic which summarizes the approach:
Broadly speaking, information security / cybersecurity and privacy are both about data protection.
The goal is different: in the information security field, the goal is to protect the organization, while in privacy, the goal is to protect individuals / data subjects.
But the way to manage risk is perfectly compatible!
To conduct a PIA with EBIOS Risk Manager, all you have to do is:
All the information required in a PIA is all found in the study:
In a risk study, analyzed impacts highly rely on each stakeholder’s point of view. Starting from this understanding, this document push to take into account each actor considerations, in a “by design” logic, so that the product, system or service is accepted by everyone.
This document presents sectors in which tisk management plays a major role in order to enlight similarities and dissimilarities. Risk management is not only for information technology but concerns a growing amount of sectors that think about their survival and expansion strategies.
This memento provides with the concepts related to business continuity and their position in information security. Then, specific activities for business continuity are presented in 4 iterative steps. The referential, the organization and the associated tools are finally studied.