Information systems security

Implementing the security approach

Ensuring an adequate level of security requires a system to be implemented that ensures coordination and control of security efforts in line with the organisation’s management system.

It also requires control over the technical aspects of security implementation within the company’s programmes and projects.
The following objectives therefore need to be taken into account:

• in a project context: ensuring successful implementation of security within projects during their build phase
• in a more general context: ensuring good governance, management and coordination of the security effort within the organisation

Scalian offers to support its clients in the following areas:

ISS governance and management:

• Support in defining an information security management system
• Deployment of a security assurance plan to determine how security is implemented in projects and in the supply chain
• Implementation of organisational audits and inspections to ensure management performance and compliance with the applicable objectives and standards

ISS risk management and analysis:

• Establishment of an ISS risk map in relation to operational risks
• Coordination and management of ISS risks throughout their life cycle (ERM)
• Customisation of ISS risk analysis methodologies to match specific client contexts

Implementing security within programmes and projects:

• Security by Design: implement security from the architecture stage using design patterns to reduce the recurrent cost of security functions
• Secure Coding: raise awareness among developers and analyse source code to reduce the risk of introducing vulnerabilities during the development phase
• V&V security: establish and implement a strategy for functional and technical security tests, supplemented by a specific assessment phase aimed at determining the robustness of developments to attacks
• Security approvals and files: define and implement a security development plan within projects to ensure traceability of security risks and objectives throughout the build phase, mainly for the purpose of ISS approval or certification

Security in operation

Operational security is the last phase of the ISS life cycle. It consists of a series of operational processes deployed and implemented on a daily basis to reduce the IS’s technical exposure to threats and attacks, and maintain the IS’s overall level of security.
These operational security processes address two types of asset:

• in a project context: maintains the security level of projects during the “run” phase of their life cycle,
• in a more general context: maintains security of the entire information system, which is the common technical foundation hosting the company’s digitised processes.

Scalian provides operational security support on a number of topics:

Security maintenance:

• Patch management
• Vulnerability management

Incident detection:

• SOC Analysts (L1, L2, L3)
• Threat intelligence
• Vulnerability assessment

Crisis management:

• Incident response and remediation
• Crisis management support
• Forensics

Technical audits and assessments:

• Intrusion testing
• Architecture audits
• Organisational and physical audits

Managed services: 

Scalian SOC : Scalian also offers its SOC as a MSSP, enabling you to benefit from comprehensive security incident detection as a managed service.

Scalian CERT: Scalian’s CERT offers an incident response solution in the form of a catalogue of individual and packaged services. The CERT’s role is to provide vulnerability monitoring and management functions, threat intelligence, incident response and R&D designed to improve the SOCs’ detection performance.