EBIOS: Difference between revisions
expand French; improve idiom |
m Dating maintenance tags: {{Expand French}} |
||
Line 1: | Line 1: | ||
{{Wikify|date=April 2010}} |
{{Wikify|date=April 2010}} |
||
{{Orphan|date=October 2008}} |
{{Orphan|date=October 2008}} |
||
{{Expand French|Expression des besoins et identification des objectifs de sécurité}} |
{{Expand French|Expression des besoins et identification des objectifs de sécurité|date=October 2011}} |
||
'''EBIOS''' (French: Expression des besoins et identification des objectifs de sécurité) allows evaluation and action on risks relative to information systems security, and proposes a security policy adapted to the needs of an organization. This risk analysis method has been created by the DCSSI (Direction Centrale de la Sécurité des Systèmes d'Information), a department of the French Ministry of Defense. The 5 steps of the EBIOS method are: circumstantial study, security requirements, risk study, identification of security goals, and determination of security requirements. |
'''EBIOS''' (French: Expression des besoins et identification des objectifs de sécurité) allows evaluation and action on risks relative to information systems security, and proposes a security policy adapted to the needs of an organization. This risk analysis method has been created by the DCSSI (Direction Centrale de la Sécurité des Systèmes d'Information), a department of the French Ministry of Defense. The 5 steps of the EBIOS method are: circumstantial study, security requirements, risk study, identification of security goals, and determination of security requirements. |
||
Revision as of 13:41, 11 October 2011
Template:Wikify is deprecated. Please use a more specific cleanup template as listed in the documentation. |
You can help expand this article with text translated from the corresponding article in French. (October 2011) Click [show] for important translation instructions.
|
EBIOS (French: Expression des besoins et identification des objectifs de sécurité) allows evaluation and action on risks relative to information systems security, and proposes a security policy adapted to the needs of an organization. This risk analysis method has been created by the DCSSI (Direction Centrale de la Sécurité des Systèmes d'Information), a department of the French Ministry of Defense. The 5 steps of the EBIOS method are: circumstantial study, security requirements, risk study, identification of security goals, and determination of security requirements.
This method is primarily intended for administrations and industries working with the Defense Ministry that treat confidential or secret defense classified information. It enables well informed “security actions to be undertaken”. The general target is to create a balance of actual or future situations (in the case of a newly created information system). Afterwards, deficiencies of the system must be revealed and so on, in order to permit reflection about solutions to be implemented.
In its first version, EBIOS was focused on “security objectives redaction”. Since 2000, DCSSI became aware of international standards (ISO in particular) increases and “engaged EBIOS adaptation to this criteria”. We can also perceive it as a way to avoid France’s confinement in information security, and incurred risks with the use of French methods that are not recognized abroad and unsuited to international standards.