"EBIOS Risk Manager"

2020-10-25

Categories: Club EBIOSGuidancePrivacy

For all those who wish to use EBIOS Risk Manager to conduct a PIA (Privacy Impact Assessment, commonly, or Data Protection Impact Assessment – DPIA, in the specific context of the Article 35 of GDPR), here is an infographic which summarizes the approach:

Broadly speaking, information security / cybersecurity and privacy are both about data protection.
The goal is different: in the information security field, the goal is to protect the organization, while in privacy, the goal is to protect individuals / data subjects.
But the way to manage risk is perfectly compatible!

To conduct a PIA with EBIOS Risk Manager, all you have to do is:

  1. take the processing of personal data considered as the subject of the EBIOS Risk Manager study;
  2. assess compliance with the fundamental principles (determined purpose, minimized data, informing people, enabling them to exercise their rights, etc.), and this can be done as part of the Security basline of workshop 1 of EBIOS Risk Manager ;
  3. identify the potential impacts on the data subjects and estimate their severity, and this can be done in the context of the feared events of the same EBIOS Risk Manager workshop 1.

All the information required in a PIA is all found in the study:

  1. the description of the treatment is taken from Workshop 1;
  2. the assessment of the necessity and proportionality with regard to fundamental principles and rights also came from Workshop 1;
  3. the study of data security risks and their potential impacts on privacy is the result of workshops 1, 2, 3 and 4;
  4. the controls envisaged to deal with the risks emerge from workshop 5.
Tags:

2020-05-06

Collaborate efficiently for your EBIOS Risk Manager analyses!

From the EBIOS Risk Manager method to its agile and collaborative application

Agile Risk Manager is designed to support you in the implementation of risk analysis using the EBIOS Risk Manager method. Take advantage of the strength of an adapted tool to focus on the fundamental values highlighted by the method: knowledge, agility and commitment.

Agile Risk Manager brings you the efficiency and ergonomic facilities of an on-premise solution, while allowing a complete and intuitive collaborative work. From change history to role and access management on your shared analyses, everything is done to enable you to work as a team.

The power of a fully customizable tool

Go even further with the strength of a dedicated software that guides you without restricting you. Agile Risk Manager adapts its presentation to your needs, making recommendations while leaving you in control of your choices.

Customize your experience:

  • Select data from the integrated knowledge bases
  • Use the standard reference systems available (ISO 27001, IEC 62443, PSSIE, NIS, etc.)
  • Define your own enterprise repositories to facilitate collaborative work
  • Select the workshops and activities to be carried out according to your objectives

Start with an existing asset and enhance your data

Thanks to an Excel data import and a simple open template, you can directly retrieve your existing analyses in Agile Risk Manager. Preserve your data capital and improve it in our tool, or simply start new analyses.

Agile Risk Manager also allows you to exchange data with customers or colleagues by exporting every table to Excel and every graph and matrix as an image. A global report can also be generated at any point in your analysis. The content of this report is customizable and you can export it in different formats, such as HTML, Word and PDF.

How can you try Agile Risk Manager?

Taking our software in hands is simple and easy. Get started directly with our integrated examples and take advantage of a dedicated support with our online demonstrations and a free evaluation.

For more information or to request your evaluation version, contact us at contact [at] all4tec.net or visit https://www.all4tec.com/.

About ALL4TEC

ALL4TEC designs and distributes risk analysis tools for cybersecurity and operational safety, in order to answer to the twofold “Safe & Secure” issue which is more and more present among large industrials, operators and IT contractors.

Screenshots

2020-04-05

The following document can be used for determining the baseline of the Workshop 1 of EBIOS Risk Manager, when the scope of the study is a processing of personal data:
> Download

It constitutes a declaration of applicability relating to the fundamental principles related to the protection of privacy.

The other Workshops of the study makes it possible to satisfy the obligations of the GDPR in terms of security (cf. art. 32) if you assess the impacts on the data subjects in addition to those on the organization.
You can thus use EBIOS Risk Manager to carry out a PIA (cf. art. 35).

Le Club EBIOS sera présent sur le FIC - du 07 au 09/06 - stand G28 !
+