Overview

ABSTRACT
The EBIOS RM 2024 method (EBIOS RM for Expression of Needs and Identification of Security Objectives Risk Management) is often denigrated because of the complexity of its implementation, and we believe it is appropriate to break down the misconceptions surrounding it.
In this article, we will demonstrate to readers that this method is a great toolbox for risk assessment. We will see that it is well suited to the requirements of ISO 27001:2022 and ISO 27005:2022, and that it can actively contribute to building effective cyber resilience for our information assets in accordance with the European NIS2 directive.
AUTHOR
Dany CORGIAT: President, Alliance Cyber Technologies
INTRODUCTION
The history of risk management goes back several millennia, with the earliest traces of the discipline dating back to antiquity. Risk assessment then evolved steadily and significantly through different eras and civilizations to become a key discipline in our cyber defense activities.
More than ever, in 2024, assessing the risks associated with information systems security has become a priority for all our country's businesses and institutions.
In this article, we don't want to go back in time to the genesis of the first risk assessments. We simply want readers to understand that anticipating the probability (likelihood) and impact (consequence) of a malicious act can change our future. We'll see that anticipatory risk assessment using a common, internationally proven method is, or should be, a priority in order to protect all our information assets. To give you the best possible understanding of the importance of risk assessment, we will focus on the ISO 27005 standard and the EBIOS Risk Manager method (EBIOS RM 2024).
We will also see that continuous improvement of our cyber-defense posture and the implementation of cybersecurity measures require precise identification of the attack paths that belligerents could take (which is made possible by the EBIOS RM method).
KEYWORDS
cybersecurity | european directive | risk management | ISO/IEC 27001 | EBIOS RM | ISO 27005
This article is included in
Security of information systems
EBIOS RM
Bibliography
Standards and norms
- Information security management systems - ISO/IEC 27001 - 2022
- Guidelines for organizational information security standards and information security management best practices - ISO/IEC 27002 - 2022
- Risk management - ISO/IEC 31000 - 2018
- Information security risk management - ISO/IEC 27005 - 2022
- Dedicated...