The productions related to EBIOS


In a spirit of sharing and reuse, the productions that are the exclusive property of their authors are, unless otherwise specified and subject to the intellectual property rights of third parties, made available under the terms of the following license:

CC BY

Risk management in general

Standards

  • ISO 31000 – Risk management
    This international standard defines the vocabulary and the principles that any risk management approach must respect, whatever its field of application. > See the standard (paid)

Methods

  • EBIOS Generic Approach
    This guide is the EBIOS* generic approach. It provides a common base to any sector-specific breakdown. Initially designed for information security, EBIOS can be employed in all fields using the appropriate techniques and knowledge bases. EBIOS allows us to assess and treat risks. It also supplies all the information required for communication within the organization and ...

Q&A

Cybersecurity implementation

Standards

Methods

  • The ANSSI’s method: EBIOS Risk Manager
    EBIOS, the French reference method, helps organizations to identify and understand their own digital risks. It makes it possible to determine security controls suited to the threat and to set up the monitoring and continuous improvement framework following a risk analysis shared at the highest level. On the ANSSI website: EBIOS Risk Manager Listen to the podcast with Fabien CAPARROS ...

Alternative techniques

  • A Privacy Baseline
    The following document can be used to determine the baseline in Workshop 1 of EBIOS Risk Manager, when the scope of the study is a processing of personal data: > Download It constitutes a declaration of applicability relating to the fundamental principles of privacy protection. The other Workshops of the study make it possible ...

Articles, interviews, videos, academic research

Workshop 1 – Scope and security baseline

Workshop 2 – Risk origins

Workshop 3 – Strategic scenarios

Workshop 4 – Operational scenarios

Workshop 5 – Risk treatment

Privacy implementation

Standards

Methods

  • The CNIL’s PIA Guides
    The CNIL’s PIA Guides have been updated to provide a tool for the General Data Protection Regulation (GDPR). The methodological approach is a privacy-specific instantiation of the EBIOS toolbox. It makes it possible to build and demonstrate the GDPR compliance of a processing of personal data. The guides (the methodology, the templates and the knowledge bases) are provided ...

Tools

  • The CNIL’s PIA Tool
    The open source PIA software helps to carry out data protection impact assessments. The PIA software aims to help data controllers build and demonstrate compliance with the GDPR. The tool is available in French and in English (and many other languages). It facilitates carrying out a data protection impact assessment. This tool also intends to ease ...

Alternative techniques

  • A Privacy Baseline
    The following document can be used to determine the baseline in Workshop 1 of EBIOS Risk Manager, when the scope of the study is a processing of personal data: > Download It constitutes a declaration of applicability relating to the fundamental principles of privacy protection. The other Workshops of the study make it possible ...

EBIOS on the web