EBIOS Risk Manager – The Method

The National Cybersecurity Agency of France (ANSSI) and Club EBIOS have collaborated on developing and publishing the EBIOS Risk Manager (EBIOS RM) method for identifying, assessing, and managing digital risks. This toolbox identifies solutions in order to mitigate risks and can be used by both public and private organisations, regardless of their size or the sector they operate in.

Concretely, what can EBIOS RM be used for? 

  • Strengthening the digital risk management process within a company
  • Evaluating and treating risks related to a digital project (especially when it comes to security accreditation) 
  • Determining the security level required for a product or service based on its use and potential risk factors 

The approach

The EBIOS RM method uses an iterative approach (symbolised by the ‘digital risk management pyramid’, see below) which is structured into 5 workshops:

  • Workshop 1: Scope and security baseline
  • Workshop 2: Risk Origins
  • Workshop 3: Strategic scenarios
  • Workshop 4: Operational scenarios
  • Workshop 5: Risk treatment 

Risk management pyramid

The guide breaks down the objectives, intended participants, outputs, steps and procedure for each workshop. It also provides several concrete examples to make the method easy to adopt. The EBIOS RM toolbox can be adapted to the situation at hand or the target use. These workshops do not need to be taken in chronological order, meaning that one may follow workshop 3 without needing to go through workshops 1 and 2.

In addition to the guide, ANSSI have developed pedagogical support tools such as ‘method sheets’ to help users conduct each workshop. 
 

Learning content

Target audience
Digital skills for ICT professionals and other digital experts.
Digital skill level
Geographic scope - Country
Austria
Belgium
Bulgaria
Cyprus