Obérisk: a poster support for an Obeya-like risk management approach

Lean management is trendy. This also applies to risk management, in particular in France, with the recent publication of the EBIOS-Risk Manager method by the French National Agency for Cybersecurity. However, although the new method fosters an agile approach to risk management, it does not provide the tools to support the mandated brainstorming workshops. Here, we propose an innovative set of posters to support the collection of risk management information during brainstorming workshops. The posters can be printed in A0 format for use during physical meetings, or used electronically during remote brainstorming teleconferences. By using these posters on a Thales internal cybersecurity course, on Master 2 courses, and on multiple real business case studies, we have developed the optimal number of posters and the content of each, bringing them to a level of maturity that is compliant with operational business cases. We have noticed during those case studies that risk management using this technique is fun. It is a way of demystifying risk management, making it easier to understand, whilst remaining highly time-efficient. This format is especially appropriate during bid activities or at project kick-off. It also fosters a collaborative state of mind, recalling that securing the system architecture is not the sole business of cybersecurity experts, but the result of collaborative work involving the management, domain experts, the CISO and the CIO.
Poster Support for an Obeya-like Risk Management Approach by Stéphane Paul of Thales Research & Technology (Critical Embedded Systems Laboratory) is made available in the form of PowerPoint slides under the CC BY-NC-SA (i.e. Creative Commons Attribution + Non Commercial + Share Alike) licence.
Cyberattacks make the news daily. Systems must be appropriately secured. Cybersecurity risk analyses are more necessary than ever, but… traveling and gathering in a room to discuss the topic has become difficult due to COVID, whilst having a cybersecurity expert work in isolation with an electronic support tool is clearly not the solution. In this article, we describe and illustrate Obérisk, an agile, cross-disciplinary and Obeya-like approach to risk management that equally supports face-to-face and remote risk management brainstorming sessions. The approach has matured over the last three years through its use in training and on a wide range of real industrial projects. The overall approach is detailed and illustrated on a naval use case, with extensive feedback from the end-users. We show that Obérisk is really time-efficient and effective at managing risks at the early stages of a project, whilst remaining extremely low-cost. As the project grows or when the system is deployed, it may eventually be necessary to shift to a more comprehensive commercial electronic support tool.
