abstract:EBIOS (French: Expression des besoins et identification des objectifs de sécurité) allows evaluation and action on risks relative to information systems security, and proposes a security policy adapted to the needs of an organization. This risk analysis method has been created by the DCSSI (Direction Centrale de la Sécurité des Systèmes d'Information), a department of the French Ministry of Defense.