Overview
ABSTRACT
The EBIOS RM 2024 method (EBIOS RM, for Expression of Needs and Identification of Security Objectives Risk Management) is often denigrated for the complexity of its implementation, and we believe it is appropriate to break down the misconceptions surrounding it.
In this article, we will demonstrate to readers that this method is a great toolbox for risk assessment. We will see that it is well suited to the requirements of ISO 27001:2022 and ISO 27005:2022, and that it can actively participate in building effective cyber resilience of our information assets in accordance with the European directive NIS2.
AUTHOR
Dany CORGIAT: President, Alliance Cyber Technologies
INTRODUCTION
The history of risk management goes back several millennia, with the earliest traces of the discipline dating back to antiquity. Risk assessment then evolved steadily and significantly through different eras and civilizations to become a key discipline in our cyber defense activities.
More than ever, in 2024, assessing the risks associated with information systems security has become a priority for all our country's businesses and institutions.
In this article, we don't want to go back in time to the genesis of the first risk assessments. We simply want readers to understand that anticipating the probability (likelihood) and impact (consequence) of a malicious act can change our future. We'll see that anticipatory risk assessment using a common, internationally proven method is, or should be, a priority in order to protect all our information assets. To give you the best possible understanding of the importance of risk assessment, we will focus on the ISO 27005 standard and the EBIOS Risk Manager method (EBIOS RM 2024).
We will also see that continuous improvement of our cyber-defense posture and the implementation of cybersecurity measures require precise identification of the attack paths that belligerents could take (which is made possible by the EBIOS RM method).
KEYWORDS
cybersecurity | european directive | risk management | ISO/IEC 27001 | EBIOS RM | ISO 27005