French

Risk management - simplification and industrialization of the EBIOS method

A tool for conducting and managing cyber risk analyses according to the EBIOS methodology (Expression of Needs and Identification of S&T Objectives) in a more productive way.

1/1

Issue

Cybersecurity risks are becoming increasingly frequent and critical. Companies have therefore used the risk analysis methodology: EBIOS (Expression of Needs and Identification of Safety Objectives)

The EBIOS methodology is rigorous but heavy to implement, time-consuming and results in a very large number of risks. Its realization, use and tracking are not effective. Indeed:
- The analyses are performed on a fixed system at a given time and the risk assessment is always conditioned by certain assumptions and justifications.
- The updating of risk analyses requires keeping a record of all assumptions and justifications.
- The completion of an analysis is long and time-consuming
- It is difficult to integrate into project processes.

The industrialization of risk implementation and management using the EBIOS method therefore requires tools adapted to these challenges.
Existing tools are not compatible with the specifications of some customers/third parties, particularly for industrial systems.

Your advice

Do you agree with the previous statement about existing solutions?

Partially

Yes

Totally

Is it a critical issue?

Partially

Yes

Totally

Question

Option0

Option1

Question

Option0

Option1

Option2

Option3

Solution

We have developed the CYPH-R tool, an autonomous client that simplifies and industrializes the realization and maintenance of risk analyses according to the EBIOS methodology (from module 1 to 5).

It allows to answer all the above problems with the following functionalities:

Ergonomics: The management of thousands of risks is facilitated by the mass processing, filter or grouping functions. All the tables of risks, threats, media assets can be customized, filtered or grouped according to any variable.

Business knowledge included: By default, the tool contains the entire ANSSI knowledge base and the security measures defined by ISO 27002. It is possible to enrich it with media assets, essential assets, threats or security measures designed to save time in entering the various modules.

Version management : The tool is designed to be able to manage and maintain multiple versions of a study. This feature allows you to:
- Easily see how risks change over time.
- Clone studies or study versions to test different security scenarios and directly visualize the impact on risk.
-To keep a record of all ratings and decisions made during the different versions of an analysis.

Data model: All data can be exported in open formats (XML, XLS) which can be used to enhance existing risk management tools, process or generate specific reports.

Security: Analyses are securely stored in a local database on your workstation. Data is encrypted and access is protected with RGS-compliant security mechanisms (general security reference).

Your advice

Does this solution adequately meet the needs of the market ?

Partly

Yes

Totally

Is this solution more interesting than the existing ones ?

Partly

Yes

Totally

What are the strengths of this innovation?

Importance of these benefits

1Time saving => productivity

12345

2Ergonomics => efficiency

12345

3Version management => traceability

12345

4Data exportable in open format => interoperability

12345

5Secure and RGS-compliant data storage => Security

12345

Do you see potential weaknesses?

Question

Option0

Option1

Option2

What competitors/alternative solutions do you know?

Do you think your company could…

Be a customer

Participate in development

Be a distributor