EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité - Expression of Needs and Identification of Security Objectives) is a method for analysis, evaluation and action on risks relating to information systems. It generates a security policy adapted to the needs of an organization. The method was created in 1995 and is now maintained by the ANSSI, a department of the French Prime Minister.
The five steps of the EBIOS method are:
# Circumstantial study - determining the context;
# Security requirements;
# Risk study;
# Identification of security goals; and
# Determination of security requirements.
EBIOS is primarily intended for governmental and commercial organizations working with the Defense Ministry that handle confidential or secret defense classified information. It enables well-informed security actions to be undertaken. The objective is to assess and prepare for possible future situations (in the case of a newly created information system), and identify and respond to deficiencies (when the system is operating) in order to refine the security arrangements.
In its first version, EBIOS was focused on “security objectives redaction”. Since 2000, ANSSI became aware of improvements in international standards (ISO in particular) and “engaged EBIOS adaptation to this criteria”. It might also be viewed as a way to avoid France’s introspective approach to information security, responding to the limitations of French methods that are not recognized abroad and are unsuited to international markets.