Compliance study of EBIOS Risk Manager against ISO 27005 guidance
Boutier, Alexandre (2023-12-18)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe20231219155886
Abstract
EBIOS Risk Manager is a French method promoted by ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) and recognized by ENISA (European Union Agency for Cybersecurity) for assessing and managing risks in information systems. The method was developed in the late 1990s and has since been revised and updated to keep pace with changes in technology and in the threat landscape. EBIOS Risk Manager is widely used in France and has been adopted by some organizations in Europe and beyond.
Since the ISO 27000 family of standards is considered the benchmark for the sector, the question arises of how far EBIOS RM conforms to those standards, and to ISO 27005 in particular. The thesis provides a practical description for organizations that are considering the use of EBIOS RM in conjunction with the ISO 27005 standard, helping them to understand the benefits and challenges of this approach. Overall, this thesis aims to promote a better understanding of the role of risk management and of the importance of its effectiveness in securing information systems.
First, the thesis explores the history of risk management, its development over time and some of its key concepts, and then turns to the historical evolution of the ISO 27005 guidance and of the EBIOS Risk Manager method.
Then, drawing on relevant literature, including international standards, academic articles and use cases, the thesis develops an in-depth analysis of the ISO 27005:2022 guidance and of the EBIOS Risk Manager method workflows. Finally, through a case study, the thesis explores to what extent the EBIOS RM method complies with the ISO 27005:2022 international standard.