Using EBIOS for risk management in critical information infrastructure

Abstract

The business services of organizations depend widely on information systems. IT risks can harm these systems and thus affect the success of business goals. Therefore, the importance of security technologies in IT systems has received increased attention. These technologies require monetary investment. Risk management is used to justify this investment. Risk management is a strategic activity in the design of an organization: it is a systematic process of identifying, assessing and responding to events that may potentially affect business objectives. The objective of this paper is to address the challenges of protecting the business services of organizations. For this purpose, a concrete application will be detailed using EBIOS.