OUR SERVICES
IN CYBERSECURITY & GDPR COMPLIANCE
Equipment solutions
Choose and implement security tools
Software or hardware, we guide your choice of tools and can install and configure them for you, ensuring an efficient implementation.
Solutions in software code
Produce secure software code
We implement secure code production practices within your development cycles, with automation capabilities.
Governance solutions
Establish your safety rules, pursue certification
With our experts at your side, let's commit your company to long-term security, official valuation and regulatory compliance.
Outsourced management solutions
Our expert support is available and personalised
Let's clarify your choices with the advice of an expert consultant for each subject, who knows your business.
Training solutions
Raise awareness and safety skills
Technical, administrative or management staff: ensure the involvement of all your employees.
Partner offer
Find out more about our prices!
OUR METHODOLOGIES
Security methodology
Our security audits can be carried out in white-box, grey-box or black-box (pentest) mode. Whenever possible, we recommend the white-box methodology, for its completeness and the quality of its results.
A security audit is an assessment of a system, a process and/or an organisation, in order to visualise the weaknesses as well as the strengths of the associated information system.
Depending on your needs, we can carry out your security audits using the following methodologies:
- Black-box audit (or pentest, for 'penetration testing'): an audit technique that aims to reproduce a cyber-attack, as close as possible to real conditions, in order to see which flaws could be exploited by malicious actors.
- White-box audit: no penetration test as such is carried out. The white-box audit is so named to emphasise the 'transparency' aspect of this technique: the consultant has all the necessary documentation (configuration documents, network architecture) and thus has an overview of all the elements that make up the organisation.
- Grey-box audit: a mixture of the white-box audit and the black-box audit. The consultant has a few pieces of information about the organisation being audited, information that could have been gathered using various social engineering or phishing techniques.
We base our studies on the relevant standards:
- ISO 27001/2: for securing an information system;
- ISO 27005 and EBIOS: for enterprise risk management;
- ISO 31010 and NIST 800-30: for infrastructure risk assessment;
- OWASP Top 10: for risk assessment and application security.
We use recognised testing tools and customised tools to find vulnerabilities that can be identified in this way. We then supplement these tests, using our know-how and in-house resources, with in-depth analysis to identify problems that would otherwise go undetected.
- Recognised infrastructure vulnerability testing tools: Nessus, Nmap, SSLyze, Vuls, etc.
- Recognised application vulnerability testing tools: Burp Suite, etc.
Compliance methodology
The methodology we apply at CyberSecura combines the efficiency of an established process with the precision of highly individualised support.
Your organisation, your business, your employees and your practices are unique. The same applies to your compliance, which must be a faithful reflection of your data processing. The aim of this methodology is to establish effective compliance that is specific to you.
The support provided by an outsourced DPO is divided into two types of activity:
- Operational support: we respond to all your requests, from your employees, customers and subcontractors, as well as from institutions such as the CNIL, in relation to your operational compliance.
  This support is a priority because your operations can't wait, and exercises of data protection rights must be managed within a legal timeframe.
- Documentation drafting: the responsibility for compliance includes the obligation to be able to account for compliance by establishing and maintaining a whole body of compliance documentation. This includes, in particular, the data processing register, but also other registers, linked to subcontracting or listing the exercise of data protection rights, the various information documents for the different categories of data subjects and Privacy Impact Assessments (PIA).
  This activity of establishing the body of compliance documentation consists of CyberSecura's initial drafting work, followed by cycles of adjustments/validations with you, and then the release of each document or text.
The support component and the documentation component are therefore carried out in parallel, and the process follows these stages:
- Establishing the state of compliance:
  - Detailed understanding of your business, risk factors and challenges.
  - Identification of assets.
  - Identification of liabilities.
  - Identification of compliance areas to be targeted.
  - Design of a prioritised action plan.
  - Putting in place the organisational arrangements for collaboration.
- Start providing support, as we now have the minimum required knowledge of your organisation.
- Urgent phase: the highest-priority actions are carried out during this phase, the monthly volume of which is sized to deal with these emergencies.
- Gradual compliance phase: the rest of the action plan is then carried out with a view to gradually increasing compliance, generally over several months or even years.
- Compliance maintenance phase: once the action plan has been fully implemented, compliance maintenance involves a regular review of the documentation to eliminate elements that have become obsolete, add new elements or adapt those that have changed. The compliance governance process, involving collaboration between the Management Committee and the DPO, put in place during the compliance phase, must also be monitored on an ongoing basis.
This comprehensive and organised methodology is, of course, punctuated by a report on the state of play, followed by a quarterly reporting meeting to discuss the actions taken, those in progress or those encountering obstacles, and to summarise the overall progress in terms of compliance.
Why choose us?
COLLABORATION
Securing your business requires the efforts of everyone: we work with all of you, managers, engineers, technicians and so on.
FLEXIBILITY
Always in a position to make recommendations, never rigid: the customer remains the decision-maker.
COMMITMENT
Taking the success of the mission to heart is not a theory: it's the credo that drives the team.
REPORTING
Unlike a black box, our work is carried out with structured, regularly scheduled transparency.
AGILITY
Your business and your priorities change every day, and so does our mission, which is to keep pace with these changes in order to remain at the top of our game.
CLIENTS' USE CASES
Find out more about our services, our working methods and our customer references through these customer case studies. Each study consists of a customer case study sheet, a sector presentation sheet and a product sheet for the associated service!
Cybersecurity case studies
State-of-play audit
For Odonatech, a software solution for financial institutions.
DevSecOps
For Bonitasoft, software editor.
ISSP drafting
For the Town Hall of Vif, a local authority in Isère.
Cybersecurity training and awareness-raising
For the Maison de l'Enfance Bachelard childcare and leisure centre.
Cyber due diligence
For SODEXO, French multinational.
Support towards SOC 2 type II certification
For Checkstep, software editor.
In-depth audit
For Kheoos, a BtoB marketplace for industrial maintenance parts.
Outsourced timeshare CISO
For the Town Hall of Vif, a local authority in Isère.
Security software solutions
For Bonitasoft, software editor.
Cybersecurity flash diagnosis
For CountAct, technology start-up.
Outsourced timeshare CISO and DPO
For Odonatech, FinTech start-up.
Support towards ISO 27001 certification
For TECHNIDATA, publisher of management software for biological analysis laboratories.
Cybersecurity by design
For Extellient, creator of customised digital solutions.
GDPR compliance case studies
Outsourced timeshare DPO
For PST38, an inter-company occupational health service.
Outsourced timeshare CISO and DPO
For Odonatech, FinTech start-up.
Outsourced timeshare DPO
For NHTherAguix, nano-medicine start-up.
Outsourced timeshare DPO
For MARTI, publisher of a healthcare application.
Project compliance study
For the Town Hall and Tourist Office of Les 2 Alpes in Isère.
GDPR training and awareness-raising
For the Maison de l'Enfance Bachelard childcare and leisure centre.
Outsourced timeshare DPO
For SATA Group, mountain resort operator.
Managing a data breach
For Présantis, inter-company occupational health service.