Risk mapping is a way of analysing and interrogating risks via their spatial characteristics. It operates at a number of levels and can represent the spatial distribution of risks, priorities, vulnerabilities or a combination of these three factors.
It is essential to manage cybersecurity by controlling risks. With risks, there are always three stages: first, we need to know which risks we face – this is the identification stage. Then, we need an in-depth knowledge of these risks with precise metrics. This is what we call the quantification stage. This is followed by the implementation of a standardised, structured method for addressing the risks identified, but also an approach that makes this analysis dynamic by constantly re-assessing the risks. These fundamental stages constitute the risk management process. By bringing all this information together, we become more agile and thus more successful.
There are four types of cyber risk, with a variety of consequences affecting individuals, governments and companies directly or indirectly: cybercrime, reputational damage, espionage and sabotage.
A data breach is a security incident in which sensitive, protected or confidential data is copied, transferred, viewed, stolen or used by an unauthorised person. The data affected by the breach may be personal (vital records, identity cards etc.), bank-related (credit cards), financial, medical, commercial etc.
Anticipating means incorporating collective intelligence into established processes and developing a global, collaborative approach in order to address risks together.
Anticipating also means being able to rely on collaborative solutions and innovative technologies that need to be placed at the service of decision-makers, guiding them towards enlightened decisions with reliable, comprehensive indicators. It is essential to be resilient and to work on general awareness, training and digital sovereignty, at both national and European level.
EBIOS Risk Manager is the digital risk assessment and treatment method published by ANSSI with the support of Club EBIOS. The methodology consists of a modular toolkit compatible with current standards frameworks for both risk management and cybersecurity.
EBIOS Risk Manager, the first ANSSI-certified solution, provides the elements needed for communication and thus makes it possible to identify and evaluate risks, and determine security measures to deal with them, moving companies and public and private sector organisations of all sizes towards an approach based on continuous improvement.
All companies with 250 or more employees must set up a processing register. Companies below this size are also affected if the processing they perform is likely to cause a risk to the rights and freedoms of the people concerned, is not occasional, or relates to specific categories of data. These categories include data about racial or ethnic origins, political opinions, religious or philosophical convictions, trade union membership, genetic or biometric data that can identify an individual uniquely, data about health, lifestyle or sexual orientation and data about criminal convictions.
Yes – even before the GDPR (General Data Protection Regulation) came into force, EGERIE had begun to develop the tools needed to ensure compliance in terms of personal data protection.
EGERIE Privacy Manager supports DPOs (Data Protection Officers) in their adaptation to the new European rules on personal data protection and how these obligations should be implemented.
The principle of Privacy By Design is at the heart of the General Data Protection Regulation (GDPR). Article 25 of this legislative framework, which aims to protect the privacy of European citizens, is entitled “Data protection by design and by default” and incorporates the Privacy By Design principle.
Using a user-friendly interface and a dynamic approach, the EGERIE software platform provides a global, centralised vision of the cyber risk mapping and the security measures to be implemented, enabling you to develop an effective cybersecurity strategy for your company.
The solution is based on two essential functional and technological components for optimising the risk analysis and achieving a high level of performance: EGERIE Risk Manager and EGERIE Privacy Manager. Thanks to its technology, its analysis engine and its business and standards libraries, the EGERIE platform develops the mapping of cyber risks and rationalises their governance.
The software provides a plethora of expert knowledge bases that can be used to model and adapt risk situations (complete libraries of typical systems and catalogues of threats, vulnerabilities, security measures etc.).
Today’s companies are accelerating their digital transformation, which obliges them to rethink their activities and how they are organised. They also find themselves confronted with the necessity of adapting to geopolitical and regulatory requirements at great speed. Risk is omnipresent in this process. Only a holistic approach to Risk Management enables this risk to be controlled, securing strategies and their evolution and protecting staff and assets.
Over 6 million items of data are now stolen or lost every day, and over three quarters of European companies of all sizes fear an increase in cyberattacks targeting their assets and/or data, and especially personal data (source: Breachindex 2019). Today, faced with the growing scale of these cyber risks and destabilisation operations, it is vital for companies and organisations to have the means of ensuring better protection and security for their systems. The question is no longer how to react to an attack, but how to anticipate it.
To detect sources of intrusions quickly and be as responsive and effective as possible when incidents occur, companies must strive to obtain maximum visibility over their infrastructure. This involves performing regular diagnostics and knowing which threats they may be exposed to. However, economic security within a company or an organisation is about more than just one-off technical or organisational measures. To be fully effective, it requires a real policy to be implemented – this is essential to preserve the organisation’s interests, skills and information capital.
All companies amass large quantities of information, whether it is produced in-house or comes from external third parties (suppliers, customers, financial partners etc.). Naturally, it is not possible to protect all this information in the same way, or the company’s activity would be paralysed. A precise analysis of the risks is thus a vital prerequisite to identify the information that is truly strategic.
Based on French and international standards and regulations, EGERIE’s technologies are recognised by the strictest authorities: EGERIE has received the EBIOS Risk Manager Server label issued by ANSSI. The EGERIE software platform incorporates the following standards frameworks and knowledge bases:
— PCI DSS, ISO 27001, ISO 27002, HDS, LPM, NIS
— NIST Cybersecurity Framework, MITRE ATT&CK
— CNIL frameworks
EGERIE also incorporates several methodological standards for risk analysis: ISO 27005, EBIOS v2, EBIOS 2010, EBIOS Risk Manager, simplified methods (risks and measures), ISO 21434.