Background :
The EBIOS method was updated by ANSSI, with particular features properly adapted to industrial IS and, most importantly, the notion of scenarios (various attack steps), which corresponds to approaches already used for industrial IS and for which I have a scenario base. A critical infrastructure in the process of updating a critical system expressed the need for an EBIOS risk analysis. This project was an opportunity to test the methodology, with success.
Achievement :
Created straightforward and pragmatic tools, provided animation and adapted scenarios to comply with the EBIOS RM framework (risk sources, objectives, operational scenarios) and with the culture of the operating/maintenance teams.