EBIOS Risk Manager (EBIOS RM) is the method for assessing and treating digital risks, published by the National Cybersecurity Agency of France (ANSSI) with the support of Club EBIOS. It is not a standard but a methodology, and it is compliant with ISO 31000:2018 and ISO 27005:2022.
The methodology is based on 5 workshops, which cover all the essential aspects of the risk assessment process. These workshops make it possible to achieve the right balance between conformity and scenarios.

Note: Since this methodology is provided by a French agency, this cheat sheet is exceptionally only in French in order to use the proper taxonomy! :rooster: But ANSSI has provided documentation in both French and English. The modelling illustrates a fictitious use case, based on an insecure privileged access management solution provider.

Note: Based on original learning material from ANSSI.