{"id":5159,"date":"2024-03-14T17:41:18","date_gmt":"2024-03-14T16:41:18","guid":{"rendered":"https:\/\/www.kyu.fr\/?p=5159"},"modified":"2024-03-15T14:04:38","modified_gmt":"2024-03-15T13:04:38","slug":"cyber-risk-mapping-of-critical-activities-ebios-rm","status":"publish","type":"post","link":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/","title":{"rendered":"Cyber risk mapping of critical activities (EBIOS RM)"},"content":{"rendered":"<p>A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced with a growing risk of cyber-attacks in a sensitive sector, it wanted to identify its critical systems and assess the threats to its activities, so as to be able to implement the appropriate means of protection.<\/p>\n<p>Our EBIOS\u00ae RM-certified consultants deploy the approach promoted by ANSSI, in partnership with cybersecurity experts I-Tracing. We apply our operational consulting vision to bear in determining key business values to limit the risk of compromising IS integrity, availability and confidentiality, and its consequences on production and patients.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Main achievement<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Cyber risk mapping<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>After identifying the essential tasks to achieving the production sites&#8217; objectives, we mapped the business processes and key information required to achieve them. We qualified their criticality according to their security needs (Availability, Integrity, Confidentiality and Traceability) and associated the most essential with the supports needed to carry them out (hardware, applications, network, personnel).<\/p>\n<p>We identified the events feared by operational staff and assessed their level of severity in terms of their human, legal, regulatory, reputational and financial impact.<\/p>\n<p>Based on our benchmarks, we identified and qualified threats to the sector (espionage, hacktivism, etc.) in terms of probability and modes of action. We then established the most critical cyber attack scenarios, taking into account the stakeholders in the ecosystem (service providers, partners, etc.), and determined the possible technical attack paths by qualifying their likelihood.<\/p>\n<p>Finally, we assessed the robustness of the protection and business continuity systems in place to develop a proposal for a managerial and technical action plan to enhance Cyber risk control.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Key figures : <\/strong><\/p>\n<p><strong>20 <\/strong>processes and information to protect<\/p>\n<p><strong>10<\/strong> attack scenarios with major impact<\/p>\n<p><strong>15<\/strong> recommendations, including<strong> 7<\/strong> major ones<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced with a growing risk of cyber-attacks in a sensitive sector, it wanted to identify its critical systems and assess the threats to its activities, so as to be able to implement the appropriate means &hellip; <a href=\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\">Continued<\/a><\/p>\n","protected":false},"author":5,"featured_media":2210,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[20,164],"class_list":["post-5159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-conseil-en","category-risk-management-en","tag-risk-management-en","tag-risques-cyber-en","insight-cas-clients-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cyber risk mapping of critical activities (EBIOS RM) - Kyu<\/title>\n<meta name=\"description\" content=\"A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber risk mapping of critical activities (EBIOS RM) - Kyu\" \/>\n<meta property=\"og:description\" content=\"A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\" \/>\n<meta property=\"og:site_name\" content=\"Kyu\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-14T16:41:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-15T13:04:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1254\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ang\u00e9line Martin-Brethous\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\"},\"author\":{\"name\":\"Ang\u00e9line Martin-Brethous\",\"@id\":\"https:\/\/www.kyu.fr\/en\/#\/schema\/person\/e73121bda8e465faef3858a2e34c825f\"},\"headline\":\"Cyber risk mapping of critical activities (EBIOS RM)\",\"datePublished\":\"2024-03-14T16:41:18+00:00\",\"dateModified\":\"2024-03-15T13:04:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\"},\"wordCount\":300,\"publisher\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg\",\"keywords\":[\"risk management\",\"risques cyber\"],\"articleSection\":[\"Consulting\",\"Risk management\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\",\"url\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\",\"name\":\"Cyber risk mapping of critical activities (EBIOS RM) - Kyu\",\"isPartOf\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg\",\"datePublished\":\"2024-03-14T16:41:18+00:00\",\"dateModified\":\"2024-03-15T13:04:38+00:00\",\"description\":\"A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced\",\"breadcrumb\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage\",\"url\":\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg\",\"contentUrl\":\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg\",\"width\":1254,\"height\":836,\"caption\":\"Cyber security. Data protection concept. Banking security. Hands touching digital icon padlock and network connection on mobile smartphone, virtual interface screen.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.kyu.fr\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber risk mapping of critical activities (EBIOS RM)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.kyu.fr\/en\/#website\",\"url\":\"https:\/\/www.kyu.fr\/en\/\",\"name\":\"Kyu\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.kyu.fr\/en\/#organization\",\"name\":\"Kyu\",\"url\":\"https:\/\/www.kyu.fr\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.kyu.fr\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/03\/logo-kyu-dark.png\",\"contentUrl\":\"https:\/\/www.kyu.fr\/app\/uploads\/2021\/03\/logo-kyu-dark.png\",\"width\":339,\"height\":132,\"caption\":\"Kyu\"},\"image\":{\"@id\":\"https:\/\/www.kyu.fr\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.kyu.fr\/en\/#\/schema\/person\/e73121bda8e465faef3858a2e34c825f\",\"name\":\"Ang\u00e9line Martin-Brethous\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/eeded8d7c4551b3f91821e754613978c860433e2ec444feaf2b4192ada2198e8?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/eeded8d7c4551b3f91821e754613978c860433e2ec444feaf2b4192ada2198e8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/eeded8d7c4551b3f91821e754613978c860433e2ec444feaf2b4192ada2198e8?s=96&d=mm&r=g\",\"caption\":\"Ang\u00e9line Martin-Brethous\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber risk mapping of critical activities (EBIOS RM) - Kyu","description":"A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/","og_locale":"en_US","og_type":"article","og_title":"Cyber risk mapping of critical activities (EBIOS RM) - Kyu","og_description":"A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced","og_url":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/","og_site_name":"Kyu","article_published_time":"2024-03-14T16:41:18+00:00","article_modified_time":"2024-03-15T13:04:38+00:00","og_image":[{"width":1254,"height":836,"url":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg","type":"image\/jpeg"}],"author":"Ang\u00e9line Martin-Brethous","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#article","isPartOf":{"@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/"},"author":{"name":"Ang\u00e9line Martin-Brethous","@id":"https:\/\/www.kyu.fr\/en\/#\/schema\/person\/e73121bda8e465faef3858a2e34c825f"},"headline":"Cyber risk mapping of critical activities (EBIOS RM)","datePublished":"2024-03-14T16:41:18+00:00","dateModified":"2024-03-15T13:04:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/"},"wordCount":300,"publisher":{"@id":"https:\/\/www.kyu.fr\/en\/#organization"},"image":{"@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg","keywords":["risk management","risques cyber"],"articleSection":["Consulting","Risk management"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/","url":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/","name":"Cyber risk mapping of critical activities (EBIOS RM) - Kyu","isPartOf":{"@id":"https:\/\/www.kyu.fr\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage"},"image":{"@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg","datePublished":"2024-03-14T16:41:18+00:00","dateModified":"2024-03-15T13:04:38+00:00","description":"A pharmaceutical group operates several production sites for active ingredients, with numerous information systems at the heart of its operations. Faced","breadcrumb":{"@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#primaryimage","url":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg","contentUrl":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/09\/cybersecurity.jpg","width":1254,"height":836,"caption":"Cyber security. Data protection concept. Banking security. Hands touching digital icon padlock and network connection on mobile smartphone, virtual interface screen."},{"@type":"BreadcrumbList","@id":"https:\/\/www.kyu.fr\/en\/cyber-risk-mapping-of-critical-activities-ebios-rm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.kyu.fr\/en\/"},{"@type":"ListItem","position":2,"name":"Cyber risk mapping of critical activities (EBIOS RM)"}]},{"@type":"WebSite","@id":"https:\/\/www.kyu.fr\/en\/#website","url":"https:\/\/www.kyu.fr\/en\/","name":"Kyu","description":"","publisher":{"@id":"https:\/\/www.kyu.fr\/en\/#organization"},"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.kyu.fr\/en\/#organization","name":"Kyu","url":"https:\/\/www.kyu.fr\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.kyu.fr\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/03\/logo-kyu-dark.png","contentUrl":"https:\/\/www.kyu.fr\/app\/uploads\/2021\/03\/logo-kyu-dark.png","width":339,"height":132,"caption":"Kyu"},"image":{"@id":"https:\/\/www.kyu.fr\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.kyu.fr\/en\/#\/schema\/person\/e73121bda8e465faef3858a2e34c825f","name":"Ang\u00e9line Martin-Brethous","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/eeded8d7c4551b3f91821e754613978c860433e2ec444feaf2b4192ada2198e8?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eeded8d7c4551b3f91821e754613978c860433e2ec444feaf2b4192ada2198e8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eeded8d7c4551b3f91821e754613978c860433e2ec444feaf2b4192ada2198e8?s=96&d=mm&r=g","caption":"Ang\u00e9line Martin-Brethous"}}]}},"_links":{"self":[{"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/posts\/5159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/comments?post=5159"}],"version-history":[{"count":4,"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/posts\/5159\/revisions"}],"predecessor-version":[{"id":5302,"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/posts\/5159\/revisions\/5302"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/media\/2210"}],"wp:attachment":[{"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/media?parent=5159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kyu.fr\/en\/wp-json\/wp\/v2\/categories?post=5159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}