EBIOS compliance

The EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) allows to evaluate and act on risks relative to information systems security. This method, created by the Direction Centrale de la Sécurité des Systèmes d'Information (DCSSI), a department of the French Ministry of Defense, is especially aimed for the French administration.

EBIOS comprises four steps:

  • Circumstantial study
    - Organizational study
    - Targeted system study
    - Definition of the study’s perimeters
  • Security requirements
    - Recognition of the sensitive elements
    - Identification of requirements per element
    - Security requirements review
  • Risk study
    - Standard risks study
    - Vulnerability study
    - Specific risks study
    - Risks / Requirements comparison
  • Identification of security goals
    - Definition of minimal security
    - Definition of security goals

IS Decisions provides a range of software solutions that can be used to support EBIOS methodology:

Action IS Decisions
IS Decisions
IS Decisions solution's features
Target system study Know WinReporter Comprehensive hardware, software and system audit for Windows resources
Search, report and archive configuration settings
Report permissions applied to files, folders and shares
Control UserLock Identification of users connected to the environment
Search, report and archive user connectivity
FileAudit Identification of accesses to a file or folder
Search, report and archive file and folder accesses
Vulnerability studys Know WinReporter Report applied hotfixes

Share this page: