Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : Ebios
Vendor name : Central Information Systems Security Division (France)
Country of origin : France

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : Club Ebios

Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • Ebios is a software tool developed by Central Information Systems Security Division (France) in order to support the Ebios method. The tool helps the user to produce all risk analysis and management steps according the five EBIOS phases method and allows all the study results to be recorded and the required summary documents to be produced. The Ebios tool is open source and free.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification : Step 3 of EBIOS method: 3.1 Study of threat sources. Step 4 of EBIOS method: Identification of security objectives
  • Risk analysis : Step 3 of EBIOS method: 3.2 Study of vulnerabilities
  • Risk evaluation : Step 3 of EBIOS method: 3.3 Formalization of threats

Other phases

  • Context Study : Step 1 of EBIOS method : Identify target system, general information, context of use, determine entities
  • Expression of security needs : Step 2 of EBIOS method: risk estimation and definition of risk criteria

R.M. Method phases supported

  • Risk assessment
  • Risk treatment : Step 4 of EBIOS method: Identification of security objectives , Step 5 of EBIOS method: Determination of security requirements
  • Risk acceptance : Step 4 of EBIOS method: 4.2 List of residual risks
  • Risk communication : Reports produced for every step of the method

Other phases

  • N/A

Other functionality

  • Glossary : List of terms
  • References : List of reference documents

Information processed

  • Presentation of the organization
  • List of elements/entities
  • List of security rules
  • Security needs
  • List of threats
  • List of retained threats
  • List of residual risks

Date of the first edition, date and number of actual version

Date of first release : 1995
Date and identification of the last version : 2004 - version 2

Useful links
Link for further information

Official web site : http://www.ssi.gouv.fr/en/confidence/ebiospresentation.html
user group web site : N/A
Relevant web site : N/A

List the available languages that the tool supports

Languages available : French, English, Spanish, German

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • Freeware

Sectors with free availability or discounted price : -

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Full application free download
Identification required : No
Trial period : -

Tool architecture
Specify the technologies used in this tool

  • Application: Stand alone application (Java & XML), Single installation

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies
  • SME
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : N/A

Information concerning the spread of this tool

General information : More than one thousand known uses (public and private sector)
Used inside EU countries : France, belgium, Luxembourg
Used outside EU countries : Quebec, Tunisia

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : N/A
Operational : N/A
Technical : N/A

Compliance to IT Standards
List the national or international standard this tool is compliant with

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • N/A

Information about possible training courses for this tool

Course : Training in EBIOS method (by CFSSI), 2 days duration, Implementation practices Discuss issues on method, Case studies, Cost N/A

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : No installation needed, stand alone application
  • To use : Usable interface, help functionality, tutorial case provided, Knowledge of the EBIOS method needed
  • To maintain : No updates needed

Tool Support
Specify the kind of support the company provides for this product

Support : N/A

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • N/A

Intergration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools


  • Import/Export
  • HTML format (Custom made tools)

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • N/A

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • Questionnaires : Customize
  • List of Threats/Attacks/Vulnerabilities : Customize
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies