Information security

Security is not a product. It is a continuous and transversal process, which must constantly evolve to cope with the changing risk profile of the organization.
Organizational practices, structured as processes, must keep the organization’s security level up to date as vulnerabilities and threats evolve, taking into account the many dimensions involved (technical, human, procedural) and the resources available.

Our services in the field of information security cover the entire lifecycle of security within the organization:

  • Cybersecurity strategy:
    • Analysis of the organization’s risk profile
    • Analysis of cyber risks, threats, attack vectors and vulnerabilities
    • Development of a security program aligned with business needs
    • Management of the information security strategy
    • Risk treatment plan / security roadmap
  • Analyses and audits of information security:

    • Information security risk analysis and definition of pragmatic risk management measures
    • Thematic security audits:

      • Cybersecurity
      • Network security
      • Operational security: integrating security into the organization
      • Data protection and access rights
  • Security concepts:

    • Operational and Organizational Security Mapping
    • Protection needs analysis and SIPD concept (information security and data protection)
    • Development of security concepts related to specific themes
    • Concepts of control environments within a defined perimeter, to visualize the security footprint and identify areas where controls might fail
  • Information Security Management System (ISO 27’001):

    • Development of the risk analysis process according to different methods (NIST, Mehari, etc.)
    • Implementing an Information Security Management System (ISMS)
    • Development of the documentation corpus: policies, standards and processes, procedures and guidelines
    • Preparation for certification
  • Business Continuity Management System (ISO 22’301):

    • Business impact analysis
    • Implementation of the BCMS according to ISO 22’301
    • Development of business continuity plans (business areas)
    • Development of business recovery plans and alignment between BCP and DRP
    • Preparation for ISO 22’301 certification
  • Security on SAP:

    • Data protection concept
    • Management of users and their access
    • GRC (Governance, Risk & Compliance)

For technical security services, our partners are able to offer you the expertise and services necessary to ensure your technical security.