Skip to content

FilAmine/ebios-rm

Repository files navigation

πŸ›‘οΈ EBIOS Risk Manager β€” Case Studies

Applied Risk Management using ANSSI's EBIOS RM methodology

EBIOS RM ISO 27005 NIS2 DORA


πŸ“‹ About This Repository

This repository contains three real-world EBIOS Risk Manager (EBIOS RM) case studies applied across critical infrastructure sectors. Each study follows the full ANSSI methodology through 5 structured workshops (ateliers), covering threat source identification, risk scenario modeling, and treatment recommendations.


πŸ—‚οΈ Case Studies Overview

# File Sector Framework Key Threats
1 EBIOS_RM_AXA_Cloud_Azure.docx Insurance / Finance EBIOS RM + Cloud (CSP) Data breach, Cloud misconfiguration, Ransomware
2 EBIOS_RM_Banque_SPI_DORA.docx Banking EBIOS RM + DORA Operational resilience, ICT third-party risk, Cyberattacks
3 EBIOS_RM_TransRail_SupplyChain.docx Rail / Transport EBIOS RM Supply chain attacks, SCADA/OT compromise, Sabotage

πŸ”¬ EBIOS RM Methodology

EBIOS Risk Manager (Expression des Besoins et Identification des Objectifs de Sécurité) is the French national risk management standard developed by ANSSI (Agence nationale de la sécurité des systèmes d'information).

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                    EBIOS RM β€” 5 WORKSHOPS                       β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚                                                                 β”‚
β”‚  ATELIER 1 ──► ATELIER 2 ──► ATELIER 3 ──► ATELIER 4 ──► ATELIER 5  β”‚
β”‚                                                                 β”‚
β”‚  Cadrage &    Sources de    ScΓ©narios      ScΓ©narios      Traitement β”‚
β”‚  Socle de     Risque (SR)   StratΓ©giques   OpΓ©rationnels  du Risque  β”‚
β”‚  SΓ©curitΓ©                   (SS)           (SO)                 β”‚
β”‚                                                                 β”‚
β”‚  βœ“ PΓ©rimΓ¨tre  βœ“ Motivations βœ“ Biens        βœ“ Modes         βœ“ Mesures β”‚
β”‚  βœ“ SMSI       βœ“ CapacitΓ©s   βœ“ SupportΓ©s    βœ“ OpΓ©ratoires   βœ“ Risques β”‚
β”‚  βœ“ Valeurs    βœ“ Ciblage     βœ“ Chemins      βœ“ Vraisemblance βœ“ RΓ©siduel β”‚
β”‚    MΓ©tier                     d'Attaque                         β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

πŸ“ Case Study 1 β€” AXA Cloud Azure

Sector: Insurance & Financial Services
Context: Cloud migration of critical insurance systems to Microsoft Azure

Key Risk Scenarios Analyzed

Scenario Source de Risque Vraisemblance GravitΓ© Niveau
Exfiltration de donnΓ©es assurΓ©s Cybercriminel organisΓ© 3 4 CRITIQUE
Ransomware sur infrastructure cloud Groupe APT 3 4 CRITIQUE
Misconfiguration Azure IAM InitiΓ© malveillant 2 3 IMPORTANT
Compromission API Gateway Cybercriminel 2 3 IMPORTANT
DDoS sur services en ligne Hacktiviste 3 2 MODÉRÉ

Mesures de SΓ©curitΓ© RecommandΓ©es

mesures_prioritaires = {
    "Gouvernance": [
        "Politique SMSI Cloud spΓ©cifique",
        "ProcΓ©dure de gestion des incidents cloud",
        "Revue de sΓ©curitΓ© trimestrielle Azure"
    ],
    "Technique": [
        "Azure Defender for Cloud (niveau Standard)",
        "Chiffrement AES-256 au repos et en transit",
        "Zero Trust Network Architecture (ZTNA)",
        "MFA obligatoire + Conditional Access Policies",
        "SIEM Azure Sentinel avec règles UEBA"
    ],
    "Organisationnel": [
        "Formation sΓ©curitΓ© cloud DevOps teams",
        "Exercices de simulation d'incidents",
        "Audit de conformitΓ© ISO 27017/27018"
    ]
}

πŸ“ Case Study 2 β€” Banque SPI + DORA

Sector: Banking & Financial Services
Context: DORA compliance assessment for a mid-size French bank (SPI — Système de Paiement Interbancaire)

DORA Pillars Addressed

Pilier DORA Article Risque IdentifiΓ© MaturitΓ© Actuelle Cible
ICT Risk Management Art. 5-16 Framework incomplet 2/5 4/5
Incident Reporting Art. 17-23 DΓ©lais non respectΓ©s 1/5 4/5
Digital Operational Testing Art. 24-27 Tests TLPT absents 1/5 3/5
ICT Third-Party Risk Art. 28-44 Mapping fournisseurs incomplet 2/5 4/5
Info Sharing Art. 45-49 Participation limitΓ©e 2/5 3/5

Risk Heat Map β€” Banking Scenarios

GRAVITÉ
  5 β”‚                        β–ˆβ–ˆ Ransomware sur core banking
    β”‚                 β–ˆβ–ˆ Fraude interne SI paiement
  4 β”‚         β–ˆβ–ˆ DΓ©faillance prestataire critique
    β”‚  β–ˆβ–ˆ Attaque SWIFT/SEPA
  3 β”‚                β–ˆβ–ˆ Vol de donnΓ©es clients
    β”‚      β–ˆβ–ˆ DDoS plateforme digitale
  2 β”‚ β–ˆβ–ˆ Erreur configuration rΓ©seau
    β”‚
  1 └────────────────────────────────── VRAISEMBLANCE
    1       2       3       4       5

πŸ“ Case Study 3 β€” TransRail Supply Chain

Sector: Rail Transport & Critical Infrastructure
Context: Supply chain security assessment for a French rail operator

Attack Scenarios β€” Supply Chain

scenarios_supply_chain = {
    "SS-01": {
        "titre": "Compromission logiciel SCADA via mise Γ  jour malveillante",
        "source_risque": "Groupe APT Γ©tatique",
        "bien_supporte": "Systèmes de contrôle-commande",
        "vraisemblance": 3,
        "gravite": 5,
        "niveau_risque": "CRITIQUE"
    },
    "SS-02": {
        "titre": "Backdoor dans composant Γ©lectronique embarquΓ©",
        "source_risque": "Fournisseur compromis",
        "bien_supporte": "MatΓ©riel embarquΓ© trains",
        "vraisemblance": 2,
        "gravite": 5,
        "niveau_risque": "CRITIQUE"
    },
    "SS-03": {
        "titre": "Attaque sur prestataire maintenance IT",
        "source_risque": "Cybercriminel",
        "bien_supporte": "Infrastructure IT centrale",
        "vraisemblance": 3,
        "gravite": 4,
        "niveau_risque": "IMPORTANT"
    }
}

OT/IT Security Recommendations

  • Segmentation stricte rΓ©seaux OT/IT (IEC 62443)
  • Qualification des fournisseurs (SecNumCloud equivalent pour OT)
  • Politique de gestion des mises Γ  jour signΓ©es cryptographiquement
  • Surveillance comportementale des accΓ¨s tiers (PAM)

πŸ“Š Cross-Case Analysis

Risk Level Summary

Secteur Risques Critiques Risques Importants Mesures Prioritaires
AXA / Cloud Azure 2 3 15
Banque SPI / DORA 3 4 22
TransRail Supply Chain 2 2 12
Total 7 9 49

Common Threat Actors Identified

🎯 Sources de Risque communes aux 3 secteurs :
β”œβ”€β”€ Cybercriminels organisΓ©s (ransomware, fraude)     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ 95%
β”œβ”€β”€ Groupes APT Γ©tatiques (espionnage, sabotage)      β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘ 70%
β”œβ”€β”€ InitiΓ©s malveillants (vol de donnΓ©es)             β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘β–‘ 55%
β”œβ”€β”€ Fournisseurs compromis (supply chain)             β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘β–‘ 50%
└── Hacktivistes (DDoS, dΓ©facement)                   β–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘ 35%

πŸ”— References & Standards

Standard Description Application
EBIOS RM v1.5 MΓ©thode ANSSI Tous cas
ISO/IEC 27005:2022 Information security risk management Tous cas
DORA Regulation EU 2022/2554 - Digital Operational Resilience Banque SPI
NIS2 Directive EU 2022/2555 - Network & Information Security Tous cas
IEC 62443 Industrial Cybersecurity TransRail

πŸ‘€ Author

FilAmine β€” Cybersecurity Engineer | GRC Specialist
πŸ”— GitHub Profile | πŸ’Ό LinkedIn


These case studies are created for educational and professional demonstration purposes. Sensitive data has been anonymized and fictitious elements have been added.

About

EBIOS Risk Manager case studies: AXA Cloud Azure, Banque DORA compliance, TransRail Supply Chain security | ANSSI methodology | ISO 27005

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors