Helping you secure your economic capital
Regardless of which sector you are in, your data should be viewed as a key element of your performance. It should remain accessible but confidential. Knowing how to protect this capital means knowing how to anticipate and act at different levels of the organisation.
Cybersecurity is essential whenever valuable information assets need protecting.
Information systems security according to Scalian
Defining objectives and strategy
What are the challenges involved in securing your information systems?
In our digital age, it is natural that at first sight this protection should appear to be solely up to the digital players. However, digital transformation requires the formulation of an organisation-wide strategy, which therefore comes under management oversight. This is because security enables market positioning levers to be applied, and guarantees the continued operation of digital equipment and therefore the resilience of organisations. As a result, security should be addressed within organisations throughout their entire life cycle.
Drivers of opportunity
If an organisation is able to trust the ecosystem in which it operates, it can:
- differentiate itself from the competition by addressing a broader market segment, and particularly the most security-conscious clients,
- better appreciate the regulatory and legislative context, supported by a security management system that has been adapted to keep abreast of changes in laws and standards,
- work in a climate of trust that enables it to secure relations with partners and suppliers, assisted by processes, methods and tools that enable it to share challenges and industrialise implementation of the associated objectives. The aim here is to be able to manage the cyber risks associated with procurement and subcontracting.
Guaranteeing financial and operational performance
It is common within organisations to challenge the performance of internal and external processes.
However, security often escapes this optimisation exercise, for fear that a reduction in resources will automatically have a negative impact on the company’s level of security.
Scalian offers to exploit levers regularly available within security systems, which can either raise the level of security without any impact on costs, or optimise costs without degrading performance.
Scalian has a two-fold methodology for optimising cyber performance:
- technical: the system’s effectiveness with regard to the expected level of protection, i.e. the qualitative view of the cyber risk
- economic: the ROI period in relation to the system’s cost, i.e. the quantitative view of the cyber risk
Implementing the security approach
Ensuring an adequate level of security requires a system to be implemented that ensures coordination and control of security efforts in line with the organisation’s management system.
It also requires control over the technical aspects of security implementation within the company’s programmes and projects.
The following objectives therefore need to be taken into account:
- in a project context: ensuring successful implementation of security within projects during their build phase
- in a more general context: ensuring good governance, management and coordination of the security effort within the organisation
Scalian offers to support its clients in the following areas:
ISS governance and management:
- Support in defining an information security management system
- Deployment of a security assurance plan to determine how security is implemented in projects and in the supply chain
- Implementation of organisational audits and inspections to ensure management performance and compliance with the applicable objectives and standards
ISS risk management and analysis:
- Establishment of an ISS risk map in relation to operational risks
- Coordination and management of ISS risks throughout their life cycle (ERM)
- Customisation of ISS risk analysis methodologies to match specific client contexts
Implementing security within programmes and projects:
- Security by Design: implement security from the architecture stage using design patterns to reduce the recurrent cost of security functions
- Secure Coding: raise awareness among developers and analyse source code to reduce the risk of introducing vulnerabilities during the development phase
- V&V security: establish and implement a strategy for functional and technical security tests, supplemented by a specific assessment phase aimed at determining the robustness of developments to attacks
- Security approvals and files: define and implement a security development plan within projects to ensure traceability of security risks and objectives throughout the build phase, mainly for the purpose of ISS approval or certification
Security in operation
Operational security is the last phase of the ISS life cycle. It consists of a series of operational processes deployed and implemented on a daily basis to reduce the IS’s technical exposure to threats and attacks, and maintain the IS’s overall level of security.
These operational security processes address two types of asset:
- in a project context: maintaining the security level of projects during the “run” phase of their life cycle,
- in a more general context: maintaining the security of the entire information system, which is the common technical foundation hosting the company’s digitised processes.
Scalian provides operational security support on a number of topics:
Security maintenance:
- Patch management
- Vulnerability management
Incident detection:
- SOC Analysts (L1, L2, L3)
- Threat intelligence
- Vulnerability assessment
Crisis management:
- Incident response and remediation
- Crisis management support
- Forensics
Technical audits and assessments:
- Intrusion testing
- Architecture audits
- Organisational and physical audits
Managed services:
Scalian SOC: Scalian also offers its SOC as an MSSP, enabling you to benefit from comprehensive security incident detection as a managed service.
Scalian CERT: Scalian’s CERT offers an incident response solution in the form of a catalogue of individual and packaged services. The CERT’s role is to provide vulnerability monitoring and management functions, threat intelligence, incident response and R&D designed to improve the SOCs’ detection performance.