Agence nationale de la sécurité des systèmes d’information

Founded in 1995 by the ANSSI and regularly updated, the EBIOS method (Expression of Needs and Identification of Security Objectives) benefits from 15 years of experience in the field of risk management. It is used to assess and treat risks related to information systems security (ISS). It also allows to communicate them within the organization and with its partners, thus forming a complete tool for managing ISS risks.

The ANSSI and the EBIOS Club have released a new version of the EBIOS method to take into account the experience feedback and regulatory changes.

This new method, easier, clearer, contains examples and tips. It offers the opportunity to develop and monitor a plan of action for the security of information systems.

It also includes a case study to understand the method.

Modular and consistent with international standards ISO / IEC 31000, ISO / IEC 27005, ISO / IEC 27001, the EBIOS method remains the essential toolkit for any discussion related to information security:

• to build its ISS repository
  • enterprise risk management;
  • establishment of an ISS management ;
  • development of doctrine, strategy, policy, plan of action, or a ISS dashboard ;
• to integrate ISS into existing projects or systems regardless of their level of advancement :
  • security record;
  • specifications;
  • form expression of security objectives (FEROS);
  • protection profile (PP);
  • Security Target ...

Requests for information and comments on the EBIOS method may be sent to ebios [at] ssi.gouv.fr.