For many years, organizations have implemented IT risk management based on the security of their information systems alone. This was based on criteria such as confidentiality, integrity and availability and applied mainly to transversal or support activities.
With the digital transformation of all actors in society and their increasing interconnection, IT risk management has gradually evolved within organizations towards a global management of digital risk. In view of the technological, economic and even geopolitical contexts, this risk is a growing concern for all organizations’ activities.
With the increase of digital risk and its propensity to spread to all of the organisation’s activities, managers must define with the boards and the business teams new risk acceptance thresholds (appetite for risk). These risks are not limited to the organization only, they also concern the stakeholders of the value chain with who they shall be shared.
You are convinced of the need to properly address digital risk within your organization, but don’t know where to start? We got what you need!
The approach described in this guide has been developed by ANSSI and AMRAE. It builds on the experience of the principal actors involved in digital risk control.
In 15 steps, this reference work supports public or private organisations of all sizes through a process that drains strategic, economic and reputation issues. Tomorrow, the responsible and trusted organization will be able to control the digital risk. That said, leaders have to understand it, implement the appropriate actions and learn to value this investment.
As the powerful engine of Digital Risk Management approach, EBIOS Risk Manager (EBIOS RM) is the method for assessing and treating digital risks, published by National Cybersecurity Agency of France (ANSSI) with the support of Club EBIOS.
It provides a toolbox that can be adapted, of which the use varies according to the objective of the project. EBIOS Risk Manager is compatible with the reference standards in effect, in terms of risk management as well as in terms of cybersecurity.