📢 On air! 📢
Tony Hedoux talks about
#ebiosRM and #riskmanagement

Join us on YouTube:
Join us on LinkedIn: linkedin.com/video/live/urn…
@TonyHedoux graduated from ISTIC in Rennes, and already had an interest in software engineering. He is now Product Owner Cyber at @all4tec_fr and Secretary General of the @club_ebios.
As always, interact with us on Slido: sli.do/cyberCNI-4
💬 What is a #cyberrisk? The explanation is twofold: gravity (often linked to cost), and likelihood (depends on the threat and the security measures in place). #speakerseries
💬 Why do a #risk analysis?
1. Improve trust;
2. Save money by avoiding unwanted costs;
3. Compliance with the normative and legal environment.
#speakerseries
💬 How to do a #risk analysis? With #ebiosRM from @ANSSI_FR. Born in 1995, EBIOS RM is today the recommended method to cope with #cyber risk assessment and evaluation.
💬 #Threats have evolved: EBIOS 2010 focused on simple threats and vulnerabilities. In ten years, #cyber hygiene has improved and attacks are more complex. With the basic #cybersecurity practices, you are protected against most threats.
#speakerseries
💬 #ebiosRM is agile. Each workshop can be taken independently and produces something valuable. Moreover, the toolbox considers both the stakeholders and the end users.
#speakerseries
💬 #cybersecurity is pyramidal: do not address #APT and complex attacks until you are compliant with basic hygiene and norms.
#speakerseries
💬 #ebiosRM Workshop 1: define the perimeter of what you want to protect. What do I fear? What is my situation? What are the business missions in this perimeter?
#speakerseries
💬 #ebiosRM Workshop 2: define the threats you are up against. Who can attack me and why? What resources do they have? Are they likely to attack me?
#speakerseries
💬 #ebiosRM Workshop 3: define your ecosystem. Who can interact with my perimeter? What third parties may be a gateway for a #cyberattack against my system?
#speakerseries
💬 #ebiosRM Workshop 4: define the operational scenarios (requires technical skills). What is the modus operandi that a risk source will implement to achieve its objective? Is it likely?
#speakerseries
💬 #ebiosRM Workshop 5: define the remediation strategies. What do I do with the identified risks? What actions would I take? What is my residual risk afterward?
#speakerseries
💬 #ebiosRM is a method, not a tool. You can do it with Excel and PowerPoint, if your context is simple or for a one-shot. But dedicated tools like Agile Risk Manager are recommendable in any other situation.
#speakerseries
This #speakerseries presentation is over! Come ask your questions! sli.do/cyberCNI-4
❓Who is typically involved in #risk analysis?

When possible, the people in charge of security (CISO). But in smaller organizations, the CIO is often the only one we can talk with.
❓How long does it take? When do we do it?

Most of the time two or three weeks to have something actionable. You should do a risk analysis every time you have significant changes in your perimeter.
❓EBIOS was born in 1995. Is it an issue?

No, EBIOS has evolved along the way to cope with the evolution of the cyber landscape.
❓Who is in @club_ebios ?

It is dedicated to experts in risk analysis. If you are interested in the subject, do not hesitate to join!
❓How many users of #ebiosRM are there?

Tens of thousands in France. Thanks to the evolution of the normative and legal aspects, doing a risk analysis is mandatory for critical infrastructure operators.
❓Do you watch the international norms?

ISO 27001 is the reference for cybersecurity in the world. ISO 27005 defines the risk analysis and is very close to the functioning of #ebiosRM. If you use #ebiosRM, you are probably compliant with ISO 27005.
❓How does EBIOS deal with industrial systems?

It's mostly the fourth workshop that will differ. But it's only a matter of references and skills. You will need to be surrounded with the right people.
❓What are the advantages of using tools?

Tools like Agile Risk Manager provide consistency throughout the analysis. But it is above all a guide that you can follow. The tool will also automatically generate the appropriate diagrams.
❓Can #ebiosRM help small companies?

YES. It is completely scalable, so you will see benefits even with a small budget.
❓Will #ebiosRM improve the situational awareness?

It is one of the goals of the method. But your security improves only if you apply the outcomes of the method!
The presentation is over! Huge thanks to @TonyHedoux and @all4tec_fr for this amazing session!

Check talk.cybercni.fr to be notified of the next sessions!
