Risk analysis and risk management using MEHARI

In the new information society, risks are all over, every day, each minute. The present study presents MEHARImethodology set for risk analysis and risk management developed by CLUSIF (Club de la Securite de l'Information Francais. For many years, numerous security publications have been considering risk analysis to be the foundation of security actions and referring to it as such. This is still true for the most recent standards in the domain of information security management, in particular ISO/IEC 27001, which explicitly refers to risks identifying, evaluating and treating processes. These standards that explicitly call on the idea of "risk" and the need to evaluate and control risks do not propose any methodology for analyzing risks, stating simply that organizations must choose their own methodology. It seems that even the expression "risk management" can be interpreted differently from one organization to another, and that the supporting methodologies can be significantly different depending on the objectives targeted. MEHARI -methodology set– presents ways to secure your every byte and reduce organization risks to minim.