Ebios
Tool Identity Card
General information
Basic information to identify the product
Tool name : Ebios
Vendor name : Central Information Systems Security Division (France)
Country of origin : France
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : Club Ebios
Brief description of the product
Give a brief description of the product containing general information, overview of functions…
-
Ebios is a software tool developed by Central Information Systems Security Division (France) in order to support the Ebios method. The tool helps the user to produce all risk analysis and management steps according the five EBIOS phases method and allows all the study results to be recorded and the required summary documents to be produced. The Ebios tool is open source and free.
Supported functionality
Specify the functionality this tool provides.
R.A. Method phases supported
-
Risk identification : Step 3 of EBIOS method: 3.1 Study of threat sources. Step 4 of EBIOS method: Identification of security objectives
-
Risk analysis : Step 3 of EBIOS method: 3.2 Study of vulnerabilities
-
Risk evaluation : Step 3 of EBIOS method: 3.3 Formalization of threats
Other phases
-
Context Study : Step 1 of EBIOS method : Identify target system, general information, context of use, determine entities
-
Expression of security needs : Step 2 of EBIOS method: risk estimation and definition of risk criteria
R.M. Method phases supported
-
Risk assessment
-
Risk treatment : Step 4 of EBIOS method: Identification of security objectives , Step 5 of EBIOS method: Determination of security requirements
-
Risk acceptance : Step 4 of EBIOS method: 4.2 List of residual risks
-
Risk communication : Reports produced for every step of the method
Other phases
-
N/A
Other functionality
-
Glossary : List of terms
-
References : List of reference documents
Information processed
-
Presentation of the organization
-
List of elements/entities
-
List of security rules
-
Security needs
-
List of threats
-
List of retained threats
-
List of residual risks
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : 1995
Date and identification of the last version : 2004 - version 2
Useful links
Link for further information
Official web site : http://www.ssi.gouv.fr/en/confidence/ebiospresentation.html
user group web site : N/A
Relevant web site : N/A
Languages
List the available languages that the tool supports
Languages available : French, English, Spanish, German
Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)
-
Freeware
Sectors with free availability or discounted price : -
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : Full application free download
Identification required : No
Trial period : -
Tool architecture
Specify the technologies used in this tool
-
Application: Stand alone application (Java & XML), Single installation
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, agencies
-
Large scale companies
-
SME
-
Commercial CIEs
-
Non commercial CIEs
Specific sector : N/A
Spread
Information concerning the spread of this tool
General information : More than one thousand known uses (public and private sector)
Used inside EU countries : France, belgium, Luxembourg
Used outside EU countries : Quebec, Tunisia
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : N/A
Operational : N/A
Technical : N/A
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
ISO 15408: Best practices included in knowledge database
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
N/A
Training
Information about possible training courses for this tool
Course : Training in EBIOS method (by CFSSI), 2 days duration, Implementation practices Discuss issues on method, Case studies, Cost N/A
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : No installation needed, stand alone application
-
To use : Usable interface, help functionality, tutorial case provided, Knowledge of the EBIOS method needed
-
To maintain : No updates needed
Tool Support
Specify the kind of support the company provides for this product
Support : N/A
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
N/A
Intergration in Organization activities
-
N/A
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
-
Import/Export
-
HTML format (Custom made tools)
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
N/A
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
Questionnaires : Customize
-
List of Threats/Attacks/Vulnerabilities : Customize