"Agile"

Collaborate efficiently for your EBIOS Risk Manager analyses!

From the EBIOS Risk Manager method to its agile and collaborative application

Agile Risk Manager is designed to support you in the implementation of risk analysis using the EBIOS Risk Manager method. Take advantage of the strength of an adapted tool to focus on the fundamental values highlighted by the method: knowledge, agility and commitment.

Agile Risk Manager brings you the efficiency and ergonomic facilities of an on-premise solution, while allowing a complete and intuitive collaborative work. From change history to role and access management on your shared analyses, everything is done to enable you to work as a team.

The power of a fully customizable tool

Go even further with the strength of a dedicated software that guides you without restricting you. Agile Risk Manager adapts its presentation to your needs, making recommendations while leaving you in control of your choices.

Customize your experience:

• Select data from the integrated knowledge bases
• Use the standard reference systems available (ISO 27001, IEC 62443, PSSIE, NIS, etc.)
• Define your own enterprise repositories to facilitate collaborative work
• Select the workshops and activities to be carried out according to your objectives

Start with an existing asset and enhance your data

Thanks to an Excel data import and a simple open template, you can directly retrieve your existing analyses in Agile Risk Manager. Preserve your data capital and improve it in our tool, or simply start new analyses.

Agile Risk Manager also allows you to exchange data with customers or colleagues by exporting every table to Excel and every graph and matrix as an image. A global report can also be generated at any point in your analysis. The content of this report is customizable and you can export it in different formats, such as HTML, Word and PDF.

How can you try Agile Risk Manager?

Taking our software in hands is simple and easy. Get started directly with our integrated examples and take advantage of a dedicated support with our online demonstrations and a free evaluation.

For more information or to request your evaluation version, contact us at contact [at] all4tec.net or visit https://www.all4tec.com/.

About ALL4TEC

ALL4TEC designs and distributes risk analysis tools for cybersecurity and operational safety, in order to answer to the twofold “Safe & Secure” issue which is more and more present among large industrials, operators and IT contractors.

Screenshots

Lean management is trendy. This also concerns risk management, in particular in France, with the recent publication of the EBIOS Risk Manager method by the French National Agency for Cybersecurity (ANSSI).

However, if the new method fosters an agile approach of risk management, it does not provide the tools to support the mandated brainstorming workshops.

Here, through the EBIOS College of Practitioners, we propose an innovative set of posters that can be used:

• either printed in A0 format, to support the collection of risk management information during face-to-face brainstorming workshops;
• or directly under PowerPoint, during remote workshops (typically using teleconference means during the CoViD lockdowns).

The posters come with a complete user guide to help exploit the posters to the best of their potential. Le guide provides numerous tips based on Thales return-on-experience using these posters. In addition, a complete risk assessment example is provided. The example relates to the naval domain, and more precisely, to the securing of a passenger ferryboat. The example is a representative of the type of (very short but complete) report that can be generated using the approach.

By using these posters on a Thales internal cybersecurity course in 2018, and on two real business case studies in 2019, we have developed the optimal number of posters and fine-tuned the content of each poster, bringing them to a level of maturity that is compliant with operational business cases. Since 2020, the posters were also used on three remote risk assessments within a European project, including the one provided as example.

We have noticed during those case-studies that risk management using this technique is fun. It is a way of demystifying risk management, making it easier to understand, whilst remaining highly time-efficient.

This format is especially appropriate during bid activities, or project kick-off. It also fosters a collaborative state of mind, recalling that system architecture securing is not the sole business of cybersecurity experts, but the result of a collaborative work involving the management, domain experts, the CISO and CIO.
Obérisk, an Obeya-like Risk Management Approach by Stéphane Paul of Thales Research & Technology (Critical Embedded Systems Laboratory) is made available in the form of PowerPoint slides under the CC BY-NC-SA (i.e. Creative Commons Attribution + Non Commercial + Share Alike) licence. Obérisk includes a set of posters, a user guide and a full-blown example.

ClubEBIOS-Oberisk-Guide-2021-01-07
Download the user guide

Download the posters (template)

ClubEBIOS-Oberisk-Exemple-2021-01-07
Download the example

See also the article on Springer
See also the article written with the French Navy school
See also the Posters on ResearchGate