Agile methods emphasise collaboration between self-organising, multidisciplinary teams and their clients. They are based on a lightweight but sufficient methodological framework focused on human interaction and communication.


The French national information system security agency (Agence nationale de la sécurité des systèmes d'information).

Artificial intelligence 

Artificial intelligence is a set of theories and techniques applied in order to create machines capable of simulating intelligence. It is more a set of concepts and technologies than a concrete, independent discipline.


Blockchain is a transparent, secure technology for information storage and transmission that functions with no central controlling authority (Blockchain France's definition). It is the technology at the heart of the decentralised web and its corollary, decentralised finance.


Cloud computing refers to access to IT services provided by a supplier via the internet. The main cloud computing services offered are SaaS, PaaS, IaaS and MBaaS.


Used to describe shared work carried out over the web.


Something that includes or concerns a group of people.


Keeping information secret (within an administration or computerised system, for example).

Cyber defence

All the IT resources used to ensure the defence of a country.

Cyber incident

Unauthorised attempt, successful or unsuccessful, to access, modify, destroy or suppress a network or computer system or make it unavailable.

Cyber resilience

Cyber resilience refers to an entity's capacity to continue to provide the expected results despite any undesirable cyber events. Cyber resilience is an evolving prospect that is quickly gaining greater recognition.

Cyber risk

A cyberattack is a malicious attack on a computer system. Its targets may include computers or servers, isolated or networked, connected to the internet or not, peripherals such as printers or connected devices such as mobile phones, smartphones and tablets. There are four types of cyber risk, with a variety of consequences affecting individuals, governments and companies directly or indirectly: cybercrime, reputational damage, espionage and sabotage.

Cyber risk analysis

Cyber risk analysis covers the area of risk associated with activities that require an IT system. It is an approach that helps the company manage its security projects by evaluating the real risks associated with the IT system.

Cyber risk dashboard

The risk dashboard mirrors the strategy implementation dashboard. Each strategic objective is associated with performance measurements and an action plan. In the same way, the risk dashboard is used to manage the risks that could affect the implementation of the strategy.


Attack against an IT system over the internet.


A cybercrime is a criminal offence that can be committed on or using an IT system, generally connected to a network. 


All the methods and resources used to ensure the security of the information and IT systems of a state, company etc.

Design Thinking

Design Thinking is a synthesis of analytical thinking and intuitive thinking. It aims to update the traditional ways of tackling innovation projects by applying the same approach that a designer would use.

Digital sovereignty

Digital sovereignty refers to the application of sovereignty principles to the field of information and communication technology, i.e. IT and telecommunications.

EBIOS method

EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité – expression of needs and identification of security objectives) is a complete tool for managing IT security risks in accordance with France's RGS security framework and the most recent ISO 27001, 27005 and 31000 standards. It is used to evaluate and manage risks relating to IT system security.

EBIOS Risk Manager

EBIOS RM is the digital risk assessment and treatment method published by ANSSI (the French national information system security agency) with the support of Club EBIOS.

Edge computing

Edge computing is a method of optimisation used in cloud computing that involves processing data at the edge of the network, close to the data source.


Set of moral concepts.


The General Data Protection Regulation is a European Union regulation that constitutes the standard text in terms of personal data protection. It strengthens and unifies data protection for private individuals within the European Union.


Infrastructure as a Service is a cloud computing model designed for companies in which the company manages the middleware of the servers, and in particular the application software, while the cloud provider manages the server hardware, virtualisation layers, storage and networks. 


Innovation is the constant search for improvements to existing methods or systems, unlike invention, which aims to create new methods or systems.


Mobile Backend as a Service, also known as Backend as a Service, is a model enabling web and mobile application developers to connect their applications to storage.


Platform as a Service is a type of cloud computing designed primarily for software developers and development companies, where the client entity maintains the applications themselves. 


Internet fraud technique that aims to obtain confidential information (passwords, bank information etc.) in order to steal the victim's identity.

Quantum computer

A quantum computer uses the quantum properties of matter such as superimposition and entanglement to perform operations on data.


Ransomware is malicious software that takes personal data hostage.

Risk analysis

A risk analysis is the first stage in a risk evaluation process. The result of a risk analysis is a list identifying different types of dangers. A danger is a potential condition, which may or may not exist.

Risk anticipation

This refers to the possibility of incidents or accidents occurring as a result of a company's activities that could have significant harmful effects on the environment.

Risk Management

The job of deciding what possible financial risks are involved in a planned activity and how best to avoid or deal with them.

Risk mapping

Risk mapping is a way of analysing and interrogating risks via their spatial characteristics. It operates at a number of levels and can represent the spatial distribution of risks, priorities, vulnerabilities or a combination of these three factors.


Software as a Service is a model for the commercial exploitation of software in which software is installed on remote servers rather than the user's machine.

Security incident

A security incident is an event that compromises a system's availability, confidentiality or integrity. Examples: illegal use of a password, theft of computer equipment, intrusion into a file or application etc.


The instructions that control what a computer does; computer programs.


Firm belief and assurance in someone or something.

Trusted cloud

A trusted cloud is defined as all the resources of a hybrid cloud managed by a platform that guarantees compliance with all internal, local and industrial regulations.


Attentive, unfailing surveillance.


The new context encourages the emergence of a secure global cyber defence network. The main characteristic of this scenario is the appearance of continuous, sustained cooperation between states and businesses to combat cybercrime. The WhiteNet offers a basis for developing new business models. The risk of cyber disasters is low, but the threat does not disappear entirely. The danger is primarily geopolitical, particularly in relations with states that do not fully cooperate in the WhiteNet.