Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
EBIOS RMFrameworkInternationalVoluntary

EBIOS RM

Authority : ANSSI
5 ateliers
Overview

What is EBIOS RM ?

EBIOS RM (Expression of Needs and Identification of Security Objectives - Risk Manager) is the ANSSI risk analysis methodology. Published in 2018, it offers a structured approach in 5 workshops to identify and treat information security risks. The method combines a compliance approach (security baseline) with a threat scenario approach (advanced risks), making it suitable for both beginner organizations and complex contexts. EBIOS RM is recommended by ANSSI for risk analyses under ISO 27001, LPM, NIS2, and RGS.

Key Points

  • Workshop 1: Scoping and security baseline, identification of business values and supporting assets
  • Workshop 2: Risk sources, identification of risk source / target objective pairs
  • Workshop 3: Strategic scenarios, construction of high-level attack paths
  • Workshop 4: Operational scenarios, detailed technical attacker modes of operation
  • Workshop 5: Risk treatment, definition of security measures and action plan
  • Compatible with ISO 27005, recommended by ANSSI for LPM, NIS2, RGS compliance

Why Zaxyr

Zaxyr guides your teams through the 5 EBIOS RM workshops with pre-configured templates. The platform automates business value mapping, strategic and operational scenario generation, and produces the risk treatment plan. Results directly feed the ISO 27001 risk analysis and the LPM or NIS2 compliance file.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.