Lean management is trendy. This also applies to risk management, in particular in France, with the recent publication of the EBIOS-Risk Manager method by the French National Agency for Cybersecurity. However, although the new method fosters an agile approach to risk management, it does not provide the tools to support the mandated brainstorming workshops. Here, we propose an innovative set of posters to support the collection of risk management information during brainstorming workshops. The posters can be printed in A0 format for use during physical meetings, or used electronically during remote brainstorming teleconferences. By using these posters in a Thales internal cybersecurity course, in Master 2 courses, and on multiple real business case-studies, we have arrived at the optimal number of posters and the content of each, bringing them to a level of maturity that is compliant with operational business cases. We have noticed during those case-studies that risk management using this technique is fun. It is a way of demystifying risk management, making it easier to understand, whilst remaining highly time-efficient. This format is especially appropriate during bid activities or at project kick-off. It also fosters a collaborative state of mind, as a reminder that securing a system architecture is not the sole business of cybersecurity experts, but the result of collaborative work involving management, domain experts, the CISO and the CIO.
Poster Support for an Obeya-like Risk Management Approach by Stéphane Paul of Thales Research & Technology (Critical Embedded Systems Laboratory) is made available in the form of PowerPoint slides under the CC BY-NC-SA (i.e. Creative Commons Attribution + Non Commercial + Share Alike) licence.