EBIOS

EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité - Expression of Needs and Identification of Security Objectives) is a method for analysis, evaluation and action on risks relating to information systems. It generates a security policy adapted to the needs of an organization. The method was created in 1995 and is now maintained by the ANSSI, a department of the French Prime Minister.

The five steps of the EBIOS method are:

1. Circumstantial study - determining the context;
2. Security requirements;
3. Risk study;
4. Identification of security goals; and
5. Determination of security requirements.

EBIOS is primarily intended for governmental and commercial organizations working with the Defense Ministry that handle confidential or secret defense classified information. It enables well-informed security actions to be undertaken. The objective is to assess and prepare for possible future situations (in the case of a newly created information system), and identify and respond to deficiencies (when the system is operating) in order to refine the security arrangements.

In its first version, EBIOS was focused on “security objectives redaction”. Since 2000, ANSSI became aware of improvements in international standards (ISO in particular) and “engaged EBIOS adaptation to this criteria”. It might also be viewed as a way to avoid France’s introspective approach to information security, responding to the limitations of French methods that are not recognized abroad and are unsuited to international markets.





External links


EBIOS risk manager guide (english)

EBIOS 2010 - Agence Nationale de la Sécurité

Isdecisions

