Risques

EBIOS RM and ISO 27005 risk analysis

Qualify risks by business impact, then arbitrate actions without losing operational reality.

01

Qualify the context

Identify critical assets, feared events, dependencies, exposure and operating constraints.

02

Build risk scenarios

Describe threat sources, attack paths, likelihood, impacts and existing measures.

03

Prioritize treatments

Produce a treatment backlog, risk decisions, expected evidence and tracking indicators.

Deliverables

What remains usable after the mission

risk scenarios

risk register

KPI/KRI

treatment plan