EBIOS
Encyclopedia
EBIOS allows evaluation and action on risks relative to information systems security, and proposes a security policy adapted to the needs of an organization. This risk analysis method has been created by the DCSSI (Direction Centrale de la Sécurité des Systèmes d'Information), a department of the French Ministry of Defense. The 5 steps of the EBIOS method are: circumstantial study, security requirements, risk study, identification of security goals, and determination of security requirements.
This method is primarily intended for administrations and industries working with the Defense Ministry
that treat confidential or secret defense classified information. It enables well informed “security actions to be undertaken”. The general target is to create a balance of actual or future situations (in the case of a newly created information system). Afterwards, deficiencies of the system must be revealed and so on, in order to permit reflection about solutions to be implemented.
In its first version, EBIOS was focused on “security objectives redaction”. Since 2000, DCSSI became aware of international standards (ISO in particular) increases and “engaged EBIOS adaptation to this criteria”. We can also perceive it as a way to avoid France’s confinement in information security, and incurred risks with the use of French methods that are not recognized abroad and unsuited to international standards.
This method is primarily intended for administrations and industries working with the Defense Ministry
Minister of Defence (France)
The Minister of Defense and Veterans Affairs is the French government cabinet member charged with running the military of France....
that treat confidential or secret defense classified information. It enables well informed “security actions to be undertaken”. The general target is to create a balance of actual or future situations (in the case of a newly created information system). Afterwards, deficiencies of the system must be revealed and so on, in order to permit reflection about solutions to be implemented.
In its first version, EBIOS was focused on “security objectives redaction”. Since 2000, DCSSI became aware of international standards (ISO in particular) increases and “engaged EBIOS adaptation to this criteria”. We can also perceive it as a way to avoid France’s confinement in information security, and incurred risks with the use of French methods that are not recognized abroad and unsuited to international standards.