_edited.png)
SECURITY & GDPR AUDITS SOLUTIONS
IT security audits
A security audit is an evaluation of a system, product, process and/or organisation, in order to visualise the weaknesses as well as the strengths of the a associated information system, before these vulnerabilities are exploited by malicious actors.
A security audit is generally carried out by external service providers who are experts in the field.
​
An audit can be technical (i.e. the detection of security flaws and vulnerabilities within a system, product or application) or non-technical, i.e. the security of internal organisational practices.
​
​
1- Technical safety audits
When it comes to safety audits, three methodologies exist :
-
Black box audit : this audit technique aims to reproduce a cyber-attack in order to identify a certain number of flaws that could allow hackers to compromise the system. The consultant has no information about the company when he undertakes his attack, except for a company name and/or IP address, which is very easily retrievable information for the attackers. The real conditions of an attack are then reproduced. This type of audit is also called a pentest (for 'penetration testing').
-
The grey box audit : the consultant carries out his attack, this time with some additional information (such as user access, an administrator login, etc.) representing a gateway to the organisation. Here again the consultant uses information that the attacker could have previously retrieved to carry out his attack. This type of audit is also considered as a pentest.
-
The white-box audit is not a pentest as such: no attack is perpetrated. It is a much more thorough security analysis. The white-box audit is so named to emphasise the aspect of 'transparency': for this type of audit, the requesting organisation provides the consultants with all the information concerning the data, its storage, processing, information systems, etc. The consultants are then responsible for identifying the problems that may have arisen. The consultants are then tasked with identifying flaws and vulnerabilities in the system presented to them. This type of audit allows a 360° consideration of the flaws and vulnerabilities of an organisation. By not only testing a product/application or network infrastructure, but going through the entire design of the information system in detail, the white-box audit provides a more complete and holistic view of the situation.
​
​
While we tend to favour the white box methodology for its comprehensiveness, each of the audits proposed below can be conducted in white, grey of black box mode.
​
To find out more about our black box audit services (pentest), please consult this page.
* The production of optional deliverables is not included in the duration or price of the service and these additional elements will be added to the overall service.
2- Non-technical safety audits
​
Non-technical audits do not focus on a specific product, application or information system, but on internal security practices. CyberSecura offers the following non-technical audits :
-
Organisational audit, in order to assess your internal security practices, procedures and policies.
-
Internal audit, as part of the pursuit of an ISO 27001 certification and to test the ISMS in place, verify internal procedures and policies, etc.
-
Gap Analysis, also in the context of pursuing an ISO 27001 certification and in order to take stock of the current and future elements.
WHAT THEY SAY
Guillaume Lepelletier, CTO at Kheoos
"The elements that I particularly appreciated in the solution provided by CyberSecura were the "tailor-made" support aspect. [...] CyberSecura really tried to understand our needs and to adapt its offer to our needs and our means."
Stéphane Dothee, CEO at Odonatech
"We chose to entrust this mission to CyberSecura because of its recognised professionalism and the proximity of our two companies. [...]. We particularly appreciated the responsiveness of the teams."
THE USECASES
Find out more about our security audit services. If you download the usecases on this page, you will access French content. If you want to read these usecases in English,
State-of-play audit
For Odonatech, a software solution for financial institutions.
In-depth audit
For Kheoos, a BtoB marketplace for industrial maintenance parts.
GDPR compliance audits
The purpose of these GDPR regulatory compliance audits is to provide you with an initial overview of your level of compliance as well as your priority compliance issues.
* The production of optional deliverables is not included in the duration or price of the service and these additional elements will be added to the overall service.
N.B. : the hourly volumes are given as an indication only, and may vary according to the size of the organisation, the audit objectives, the scope of the audit, etc.
WHAT THEY SAY
Laurent Sabot, Data Analyst at les 2 Alpes Tourism Office
"This compliance study enabled us to highlight opportunities that immediately spoke to the various decision-makers. David assured us that the GDPR was not only a constraint but also a lot of opportunities, which is often hard to believe when we talk about regulations. [...] But the result was just the opposite so we were very happy."
Lounis Lakhal, Co-founder at CountAct
"We found these flash diagnoses very suitable for start-ups: firstly, because cybersecurity and data protection are very topical issues, and secondly, for the fact that they are free of charge, which allows smaller companies like us to have a 'foot in the door'."
THE USECASES
Find out more about our security audit services. If you download the usecases on this page, you will access French content. If you want to read these usecases in English,
Project compliance study, privacy by design
For Town Hall and Tourist Office of
les 2 alpes in Isère.
Flash study
For CountAct, technology start-up.
Are you a start-up or a small business?
Discover our service offers exclusively for small businesses!