Compliance: EBIOS
The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité) is used to evaluate and act on risks relating to information systems security.
This method, created by the Direction Centrale de la Sécurité des Systèmes d'Information (DCSSI), a department of the French Ministry of Defense, is aimed primarily at the French administration.
EBIOS comprises four steps:
- Circumstantial study
  - Organizational study
  - Targeted system study
  - Definition of the study’s perimeters
- Security requirements
  - Recognition of the sensitive elements
  - Identification of requirements per element
  - Security requirements review
- Risk study
  - Standard risks study
  - Vulnerability study
  - Specific risks study
  - Risks / Requirements comparison
- Identification of security goals
  - Definition of minimal security
  - Definition of security goals
IS Decisions provides a range of software solutions that can be used to support EBIOS methodology:
| Action | IS Decisions Aptitude | IS Decisions Solution | IS Decisions solution's features |
|---|---|---|---|
| Target system study | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| Target system study | Know | WinReporter | Search, report and archive configuration settings |
| Target system study | Know | WinReporter | Report permissions applied to files, folders and shares |
| Target system study | Control | UserLock | Identification of users connected to the environment |
| Target system study | Control | UserLock | Search, report and archive user connectivity |
| Target system study | Control | FileAudit | Identification of accesses to a file or folder |
| Target system study | Control | FileAudit | Search, report and archive file and folder accesses |
| Target system study | Control | EvenTrigger | Windows event log monitoring |
| Target system study | Control | EvenTrigger | Search, report and archive incidents |
| Vulnerability study | Know | WinReporter | Report applied hotfixes |
| Vulnerability study | Control | EvenTrigger | Administrator alert upon incident detection |
| Vulnerability study | Control | EvenTrigger | Search, report and archive incidents |


