EBIOS Risk Manager (EBIOS RM) is the method for assessing and treating digital risks, published by the National Cybersecurity Agency of France (ANSSI) with the support of Club EBIOS. It is not a standard but a methodology, and it is compliant with ISO 31000:2018 and ISO 27005:2022.
The methodology is based on 5 workshops, which cover all the essential aspects of the risk assessment process. These workshops make it possible to strike the right balance between conformity and scenarios.

Note: Since this methodology is provided by a French agency, this cheat sheet is exceptionally only in French in order to use the proper taxonomy! :rooster: But ANSSI has provided documentation both in French and in English.

This modeling summarizes the EBIOS RM workshops, based on the official example provided by ANSSI. It also highlights the links with other frameworks and methodologies such as OWASP Threat Modeling, NIST SP 800-30, STRIDE, or MITRE ATT&CK and CAPEC.

Note: Based on original learning material from ANSSI.