{"id":68,"date":"2024-06-18T06:24:04","date_gmt":"2024-06-18T04:24:04","guid":{"rendered":"https:\/\/stefanescu.lu\/?p=68"},"modified":"2024-06-18T18:41:13","modified_gmt":"2024-06-18T16:41:13","slug":"a-quick-look-at-ebios-risk-manager","status":"publish","type":"post","link":"https:\/\/stefanescu.lu\/?p=68","title":{"rendered":"A Quick Look at EBIOS Risk Manager"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane-1024x585.webp\" alt=\"\" class=\"wp-image-80\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane-1024x585.webp 1024w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane-300x171.webp 300w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane-768x439.webp 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane-1536x878.webp 1536w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane-500x286.webp 500w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/mariane.webp 1792w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is EBIOS RM?<\/h2>\n\n\n\n<p><a href=\"https:\/\/cyber.gouv.fr\/publications\/ebios-risk-manager-method\">EBIOS Risk Manager (EBIOS RM)<\/a> is the method published by the <a href=\"https:\/\/cyber.gouv.fr\">French National Cybersecurity Agency<\/a> (ANSSI &#8211; &#8220;Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d&#8217;information&#8221;) for assessing and managing digital risks (EBIOS: &#8220;<a href=\"https:\/\/cyber.gouv.fr\/publications\/ebios-risk-manager-method\">Expression des Besoins et Identification des Objectifs de S\u00e9curit\u00e9<\/a>&#8221; can be translated as &#8220;Description of Requirements and Identification of Security Objectives&#8221;), developed and promoted with the support of <a 
href=\"https:\/\/club-ebios.org\/site\/en\/welcome\/\">Club EBIOS<\/a> (a French non-profit organization that focuses on risk management, drives the evolution of the method and offers on its website a number of helpful resources for implementing it &#8211; some of them in English).<\/p>\n\n\n\n<p>EBIOS RM defines a set of tools that can be adapted, selected and used depending on the objective of the project, and is compatible with the reference standards in effect, in terms of risk management (ISO 31000:2018) as well as in terms of cybersecurity (ISO\/IEC 27000).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why is it important?<\/h2>\n\n\n\n<p>Why use a formal method for your (cyber)security risk analysis and not just slap the usual cybersecurity technical solutions (LB + WAF + &#8230;) on your service? <\/p>\n\n\n\n<p>On a (semi)philosophical note &#8211; because the first step to improvement is to start from a known best practice and then define and evolve your own specific process.<\/p>\n\n\n\n<p>Beyond the (semi)philosophical reasons, there are the very concrete regulations and certifications you may need to implement right now, and the knowledge that in the future the CRA regulation will require cybersecurity risk analysis (and proof of it) for all digital products and services offered on the EU market.<\/p>\n\n\n\n<p>OK, so it is important; let&#8217;s go to the next step:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How is it used?<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>First a few concepts<\/strong><\/h4>\n\n\n\n<p>In general the target of any risk management\/cybersecurity framework is to guide the organization&#8217;s decisions and actions in order to best defend\/prepare itself.<\/p>\n\n\n\n<p>While risk\/failure analysis is something we all do natively, any formal practice needs to start by defining the base concepts: risk, severity, likelihood, etc.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Risk and its sources:<\/strong><\/h4>\n\n\n\n<p><a 
href=\"https:\/\/learning.oreilly.com\/library\/view\/isc-2-cissp-certified\/9781119786238\/\">ISC2 &#8211; CISSP<\/a> provides these definitions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result.<\/li>\n\n\n\n<li>A threat is a potential occurrence that may cause an undesirable or unwanted outcome for an organization or for an asset.<\/li>\n\n\n\n<li>An asset is anything used in a business process or task.<\/li>\n<\/ul>\n\n\n\n<p>One of the first formal methods to deal with risk was FMEA: Failure Modes, Effects and Criticality Analysis, which started to be used\/defined in the 1940s (1950s?) in the US (see <a href=\"https:\/\/en.wikipedia.org\/wiki\/Failure_mode_and_effects_analysis\">Wikipedia<\/a>). This is one of the first places where the use of broad severity (not relevant\/ very minor\/ minor\/ critical\/ catastrophic) and likelihood (extremely unlikely\/ remote\/ occasional\/ reasonably possible\/ frequent) categories was defined.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"769\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/anssi_acceptance-1024x769.png\" alt=\"\" class=\"wp-image-69\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/anssi_acceptance-1024x769.png 1024w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/anssi_acceptance-300x225.png 300w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/anssi_acceptance-768x577.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/anssi_acceptance-400x300.png 400w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/anssi_acceptance.png 1348w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\"><a 
href=\"https:\/\/cyber.gouv.fr\/sites\/default\/files\/2019\/11\/anssi-guide-ebios_risk_manager-en-v1.0.pdf\">ANSSI defines<\/a> 4 levels of severity in EBIOS RM:<\/h5>\n\n\n\n<p>G4 &#8211; CRITICAL &#8211; Incapacity for the company to ensure all or a portion of its activity, with possible serious impacts on the safety of persons and assets. The company will most likely not overcome the situation (its survival is threatened).<\/p>\n\n\n\n<p>G3 &#8211; SERIOUS &#8211; High degradation in the performance of the activity, with possible significant impacts on the safety of persons and assets. The company will overcome the situation with serious difficulties (operation in a highly degraded mode).<\/p>\n\n\n\n<p>G2 &#8211; SIGNIFICANT &#8211; Degradation in the performance of the activity with no impact on the safety of persons and assets. The company will overcome the situation despite a few difficulties (operation in degraded mode).<\/p>\n\n\n\n<p>G1 &#8211; MINOR &#8211; No impact on operations or the performance of the activity or on the safety of persons and assets. The company will overcome the situation without too many difficulties (margins will be consumed).<\/p>\n\n\n\n<p>ANSSI defines 4 levels of likelihood:<\/p>\n\n\n\n<p>V4 &#8211; Nearly certain &#8211; The risk origin will certainly reach its target objective by one of the considered methods of attack. The likelihood of the scenario is very high.<\/p>\n\n\n\n<p>V3 &#8211; Very likely &#8211; The risk origin will probably reach its target objective by one of the considered methods of attack. The likelihood of the scenario is high.<\/p>\n\n\n\n<p>V2 &#8211; Likely &#8211; The risk origin could reach its target objective by one of the considered methods of attack. The likelihood of the scenario is significant.<\/p>\n\n\n\n<p>V1 &#8211; Rather unlikely. The risk origin has little chance of reaching its objective by one of the considered methods of attack. 
The likelihood of the scenario is low.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">ANSSI defines some additional concepts:<\/h5>\n\n\n\n<p><strong>Risk Origins<\/strong> (RO &#8211; this is similar to Threat Agent\/Actor in ISC2 terminology) &#8211; something that potentially could exploit one or more vulnerabilities.<br><strong>Feared Events<\/strong> (FE &#8211; this is equivalent to Threats in ISC2 terminology)<br><strong>Target Objectives<\/strong> (TO): the end results sought by a Threat Agent\/Actor<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">A side note: quantitative analysis<\/h4>\n\n\n\n<p>ISC2 &#8211; CISSP recommends using quantitative analysis for risk qualification:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"995\" height=\"621\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/AnnualizedLossExposurer.png\" alt=\"\" class=\"wp-image-70\" style=\"width:631px;height:auto\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/AnnualizedLossExposurer.png 995w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/AnnualizedLossExposurer-300x187.png 300w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/AnnualizedLossExposurer-768x479.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/AnnualizedLossExposurer-481x300.png 481w\" sizes=\"auto, (max-width: 995px) 100vw, 995px\" \/><\/figure>\n\n\n\n<p><br>Getting there requires you to qualify your asset value, or at least how much a risk realisation would cost you (Single Loss Expectancy), and then compute an annual loss so that you can compare rare but costly events with smaller but more frequent ones.<\/p>\n\n\n\n<p>I think the two methods are compatible, as nothing stops you from defining afterwards some thresholds that map the value numbers to a severity class (eventually depending not only on the ALE but also on your budget\/risk appetite\/risk aversion).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">A 
process of discovery<\/h3>\n\n\n\n<p>The risk management methods are at their core similar and all contain a number of steps that help establish: what it is that you need to protect, what could happen to it, and what could be done to make sure the effects of whatever happens are managed (or at least accepted).<\/p>\n\n\n\n<p>So the steps are in general (with some variance in the order and emphasis):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>identify assets (data, processes, physical)<\/li>\n\n\n\n<li>identify vulnerabilities associated with your assets<\/li>\n\n\n\n<li>identify the threats that exist in your operating environment (taking into account your security baseline)<\/li>\n\n\n\n<li>identify the risks and prioritise actions related to them based on their likelihood and severity<br>&#8230;rinse and repeat.<\/li>\n<\/ul>\n\n\n\n<p>To help with this process EBIOS RM defines 5 workshops, each one with expected inputs, outputs and participants:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"453\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-1024x453.png\" alt=\"\" class=\"wp-image-71\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-1024x453.png 1024w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-300x133.png 300w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-768x340.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-1536x679.png 1536w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-2048x906.png 2048w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_high_view-500x221.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Workshop 1:<\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" 
width=\"819\" height=\"1024\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w1-819x1024.png\" alt=\"\" class=\"wp-image-72\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w1-819x1024.png 819w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w1-240x300.png 240w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w1-768x961.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w1-1228x1536.png 1228w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w1.png 1247w\" sizes=\"auto, (max-width: 819px) 100vw, 819px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Workshop 2:<\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"754\" height=\"1024\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w2-754x1024.png\" alt=\"\" class=\"wp-image-73\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w2-754x1024.png 754w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w2-221x300.png 221w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w2-768x1043.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w2.png 1119w\" sizes=\"auto, (max-width: 754px) 100vw, 754px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Workshop 3:<\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"569\" height=\"1024\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w3-569x1024.png\" alt=\"\" class=\"wp-image-74\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w3-569x1024.png 569w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w3-167x300.png 167w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w3-768x1383.png 768w, 
https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w3-853x1536.png 853w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w3.png 882w\" sizes=\"auto, (max-width: 569px) 100vw, 569px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\"><br>Strategic scenario:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a potential attack with the system as a blackbox: how the attack will happen &#8220;from the exterior of the system&#8221;<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Workshop 4:<\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"697\" height=\"1024\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w4-697x1024.png\" alt=\"\" class=\"wp-image-75\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w4-697x1024.png 697w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w4-204x300.png 204w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w4-768x1129.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w4.png 1024w\" sizes=\"auto, (max-width: 697px) 100vw, 697px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\"><br>Operational\/Operative Scenarios &#8211; identify and describe potential attack scenarios corresponding to the strategic ones, eventually using tools like: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/develop\/threat-modeling-tool-threats#stride-model\">STRIDE<\/a>, <a href=\"https:\/\/owasp.org\/www-project-threat-dragon\/\">OWASP<\/a> , <a href=\"https:\/\/attack.mitre.org\">MITRE ATT&amp;CK<\/a>, <a href=\"https:\/\/www.enisa.europa.eu\/topics\/risk-management\/current-risk\/risk-management-inventory\/rm-ra-methods\/m_octave.html\">OCTAVE<\/a>, <a href=\"http:\/\/www.octotrike.org\">Trike<\/a>, <a href=\"https:\/\/insights.sei.cmu.edu\/blog\/threat-modeling-12-available-methods\/\">etc.<\/a><\/h4>\n\n\n\n<h4 
class=\"wp-block-heading\">Workshop 5:<\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"593\" height=\"1024\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w5-593x1024.png\" alt=\"\" class=\"wp-image-76\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w5-593x1024.png 593w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w5-174x300.png 174w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w5-768x1326.png 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w5-890x1536.png 890w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios_rm_w5.png 1098w\" sizes=\"auto, (max-width: 593px) 100vw, 593px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Risk Treatment Strategy Options (ISO27005\/27001):<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid (results in a residual risk = 0): change the context that gives rise to the risk<\/li>\n\n\n\n<li>Modify (results in a residual risk > 0): add\/remove or change security measures in order to decrease\/modify the risk (likelihood and\/or severity) <\/li>\n\n\n\n<li>Share or Transfer (results in a residual risk that can be zero or greater): involve an external partner\/entity (e.g. 
insurance) <\/li>\n\n\n\n<li>Accept (the residual risk stays the same as the original risk)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">In Summary:<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"367\" height=\"1024\" src=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-367x1024.jpg\" alt=\"\" class=\"wp-image-79\" style=\"width:661px;height:auto\" srcset=\"https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-367x1024.jpg 367w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-108x300.jpg 108w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-768x2143.jpg 768w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-550x1536.jpg 550w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-734x2048.jpg 734w, https:\/\/stefanescu.lu\/wp-content\/uploads\/2024\/06\/ebios-rm-full-scaled.jpg 917w\" sizes=\"auto, (max-width: 367px) 100vw, 367px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">In Conclusion:<\/h2>\n\n\n\n<p>EBIOS RM is a useful tool for cybersecurity management, aligned with the main cybersecurity tools and frameworks.<\/p>\n\n\n\n<p>There are also enough supporting open-access materials (see <a href=\"https:\/\/cyber.gouv.fr\/sites\/default\/files\/2019\/11\/anssi-guide-ebios_risk_manager-en-v1.0.pdf\">ANSSI<\/a> and <a href=\"https:\/\/club-ebios.org\/site\/en\/welcome\/\">Club EBIOS<\/a>) that help conduct and produce the required artefacts at each step of the process: templates, guides, etc. &#8211; which make it a primary candidate for adoption in organisations without an already established cybersecurity risk management practice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is EBIOS RM? 
EBIOS Risk Manager (EBIOS RM) is the method published by the French National Cybersecurity Agency(ANSSI &#8211; &#8220;Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d&#8217;information&#8221;) for assessing and managing digital risks(EBIOS: &#8220;Expression des Besoins et Identification des &hellip; <a href=\"https:\/\/stefanescu.lu\/?p=68\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[18,16,19],"tags":[],"class_list":["post-68","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-process","category-risk"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/stefanescu.lu\/index.php?rest_route=\/wp\/v2\/posts\/68","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stefanescu.lu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stefanescu.lu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stefanescu.lu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stefanescu.lu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=68"}],"version-history":[{"count":1,"href":"https:\/\/stefanescu.lu\/index.php?rest_route=\/wp\/v2\/posts\/68\/revisions"}],"predecessor-version":[{"id":81,"href":"https:\/\/stefanescu.lu\/index.php?rest_route=\/wp\/v2\/posts\/68\/revisions\/81"}],"wp:attachment":[{"href":"https:\/\/stefanescu.lu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stefanescu.lu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=68"}
,{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stefanescu.lu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}