EBIOS RM makes it possible to assess digital risks and identify the security measures to be taken in order to control them. It also makes it possible to validate the acceptable level of risk and to carry on in the longer term in a continuous improvement approach. Finally, this method makes it possible to bring about resources and arguments that are useful for communication and decision-making within the organisation and with regards to its partners.
The EBIOS RM method can be used for several purposes:
It applies to public as well as private organizations, regardless of their size, their sector of activity and whether their information systems are being developed or already exist.
The EBIOS Risk Manager method adopts an approach to the management of the digital risk starting from the highest level (major missions of the studied object) to progressively reach the business and technical functions, by studying possible risk scenarios.
It aims to obtain a synthesis between “conformity” and “scenarios”, by positioning these two complementary approaches where they provide the highest value added.
In addition to the EBIOS Risk Manager guide, “method sheets” have been created to help users conduct each workshop described in the guide.
Designed as pedagogical support tools, these method sheets are regularly updated.