Digital trust: ANSSI and AMRAE publish a guide on digital risk management for managers
November 2019 by Marc Jacob
The French National Cybersecurity Agency (ANSSI) and the Association for Corporate Risks and Insurance Management (AMRAE) concretely reinforce their partnership by publishing "Controlling the digital risk - the trust advantage", a 15-step guide to support the managers of public and private organisations of all sizes in the construction of a digital risk management policy. The guide, available in English and French, is presented in Berlin, Germany, at the Ferma Forum, the congress of the European Risk Management Associations, on November 18, 2019.
The digital risk is weighing more heavily on organisations every day and can jeopardize their survival. It is no longer just the business of technical experts: the digital risk has become strategic and must be treated at the highest level of the organization.
To help managers build a digital risk management policy, ANSSI and AMRAE have co-produced the guide "Controlling the digital risk - the trust advantage". The complementary expertise of ANSSI, the national authority for cybersecurity, and AMRAE, the risk managers’ professional association, have helped to build a comprehensive and realistic guide.
This guide is intended for managers and risk managers of public and private organisations of all sizes, including digital risk committees, business teams and boards of directors. Based on the experience of the main stakeholders in digital risk management, this progressive approach offers support in 15 steps.
In concrete terms, the approach makes it possible to:
taking a reading of the digital risk ;
understanding the digital risk and getting organised (steps 1 to 6) ;
building your security baseline (steps 7 to 11) ;
managing one’s digital risk and enhancing one’s cybersecurity (steps 12 to 15).
"Where to start? What are the different steps to follow? How to stay efficient? How to promote your security investments? The guide provides a rational approach to follow in order to establish and maintain progressively a successful organisation of cyber risk management" explains Guillaume Poupard, director general of ANSSI.
"With this guide, our common goal is to ensure that the entire ecosystem implements the conditions for digital trust. If the company always has an eye on its vulnerabilities, it can anticipate the scenarios with the strongest impact, assessing their financial or reputational consequences, and thus reduce the cyber risk" points out Brigitte Bouquot, AMRAE’s president.
This holistic approach aims to effectively involve all the stakeholders of the organisation and to develop the essential capacities to fight cyber threats. It is based on the risk analysis method EBIOS Risk Manager, which helps to understand one’s exposure to digital risks in order to anticipate not to suffer. In the end, the approach makes digital security a real asset for the organisation. Indeed, the responsible and trusted organisation will be able to control all risks, including the digital risk. Managements must therefore understand it, support the essential measures and promote this investment.
A guide with a European reach
France benefits from its experience and expertise in digital risk management, which it wishes to share at the European level. That is why the guide is addressed to national stakeholders, as well as European ones. ANSSI and AMRAE plead for sharing common principles at the European level that will facilitate the coordination of member states faced with the current and future threats. The guide "Controlling the digital risk - the trust advantage" is available in French and English on ANSSI’s website: https://www.ssi.gouv.fr/guide-contr... and AMRAE’s website: https://www.amrae.fr/guide-amrae-anssi.