The CyberSecura team

OUR SERVICES
IN CYBERSECURITY & GDPR COMPLIANCE

Audit solutions

Know your compliance & cyber-risk situation

Vulnerabilities and threats, compliance gaps, recommendations and security strategies: these solutions provide the visibility needed to direct and prioritise mitigation and governance actions.

Equipment solutions

Choose and implement security tools

Software or hardware, we guide your choice of tools and can install and configure them for you, ensuring an efficient implementation.

Solutions in software code

Produce secure software code

We implement secure code production practices within your development cycles, with automation capabilities.

Governance solutions

Establish your security rules, pursue certification

With our experts at your side, let's commit your company to long-term security, official valuation and regulatory compliance.

Outsourced management solutions

Our expert support is available and personalised

Let's clarify your choices with the advice of an expert consultant for each subject, who knows your business.

Training solutions

Raise security awareness and skills

Technical, administrative or management staff: ensure the involvement of all your employees.

Partner offer

Find out more about our prices!

OUR METHODOLOGIES

Security methodology

Our security audits can be carried out in white-box, grey-box or black-box (pentest) mode. Whenever possible, we recommend the white-box methodology, for its completeness and the quality of its results.

 

A security audit is an assessment of a system, a process and/or an organisation, in order to visualise the weaknesses as well as the strengths of the associated information system.

 


Depending on your needs, we can carry out your security audits using the following methodologies: 

  • Black-box audit (or pentest, for 'penetration testing'): an audit technique that aims to reproduce a cyber-attack, as close as possible to real conditions, in order to see which flaws could be exploited by malicious actors. 

  • White-box audit: no penetration test as such is carried out. The white-box audit is so named to emphasise the 'transparency' of this technique: the consultant has all the necessary documentation (configuration documents, network architecture) and thus has an overview of all the elements that make up the organisation.

  • Grey-box audit: a mixture of the white-box audit and the black-box audit. The consultant has a few pieces of information about the organisation being audited, information that could have been gathered using various social engineering or phishing techniques.

We base our studies on the relevant standards: 

  • ISO 27001/2: for securing an information system;

  • ISO 27005 and EBIOS: for enterprise risk management;

  • ISO 31010 and NIST 800-30: for infrastructure risk assessment;

  • OWASP Top 10: for risk assessment and application security.

 

 

We use recognised testing tools and customised tools to find the vulnerabilities that such tools can identify. We then supplement these tests, using our know-how and in-house resources, with in-depth analysis to identify problems that would otherwise go undetected.

  • Recognised infrastructure vulnerability testing tools: Nessus, Nmap, SSLyze, Vuls, etc.

  • Recognised application vulnerability testing tools: Burp Suite, etc.

Compliance methodology

The methodology we apply at CyberSecura combines the efficiency of an established process with the precision of highly individualised support.

Your organisation, your business, your employees and your practices are unique. The same applies to your compliance, which must be a faithful reflection of your data processing. The aim of this methodology is to establish effective compliance that is specific to you.

The support provided by an outsourced DPO is divided into 2 types of activity:

 

  • Operational Support: we respond to all your requests, from your employees, customers and subcontractors, as well as from institutions such as the CNIL, in relation to your operational compliance.

    This support is a priority because your operations can't wait, and exercises of Data Protection Rights must be managed within a legal timeframe.

     

  • Documentation drafting: the responsibility for compliance includes the obligation to be able to account for compliance by establishing and maintaining a whole body of compliance documentation. This includes, in particular, the data processing register, but also other registers, linked to subcontracting or listing the exercise of data protection rights, the various information documents for the different categories of data subjects and Privacy Impact Assessments (PIA).

This activity of establishing the body of compliance documentation consists of CyberSecura's initial drafting work, followed by cycles of adjustments/validations with you, and then the release of each document or text.

 

The Support component and the Documentation component are therefore carried out in parallel, and the process goes through the following stages:

 

  • Establishing the state of compliance:

    • Detailed understanding of your business, risk factors and challenges.

    • Identification of assets.

    • Identification of liabilities.

    • Identification of compliance areas to be targeted.

    • Design of a prioritised action plan.

    • Setting up the organisational arrangements for collaboration.

  • Start providing support, as we now have the minimum required knowledge of your organisation.

 

  1. Urgent phase: the highest priority actions are carried out during this phase, the monthly volume of which is sized to deal with these emergencies.

  2. Gradual compliance phase: the rest of the action plan is then carried out with a view to gradually increasing compliance, generally over several months or even years.

  3. Compliance maintenance phase: once the action plan has been fully implemented, compliance maintenance involves a regular review of the documentation to eliminate elements that have become obsolete, add new elements or adapt those that have changed. The compliance governance process, involving collaboration between the Management Committee and the DPO, put in place during the compliance phase, must also be monitored on an ongoing basis.

 

This comprehensive and organised methodology is, of course, punctuated by a report on the state of play, followed by a quarterly reporting meeting to discuss the actions taken, those in progress or those encountering obstacles, and to summarise the overall progress in terms of compliance.

Why choose us?

COLLABORATION

Securing your business requires the efforts of everyone: we work with all of you, managers, engineers, technicians and so on.

FLEXIBILITY

Always in a position to make recommendations, never rigid: the customer remains the decision-maker.

COMMITMENT

Taking the success of the mission to heart is not a theory: it's the credo that drives the team.

REPORTING

Unlike a black box, our work is carried out transparently, in a structured way and at a regular rhythm.

AGILITY

Your business and your priorities change every day, and so does our mission, which is to keep pace with these changes in order to remain at the top of our game.

CLIENT USE CASES

Find out more about our services, our working methods and our customer references through these customer case studies. Each study consists of a customer case study sheet, a sector presentation sheet and a product sheet for the associated service!

Cybersecurity case studies

State-of-play audit

For Odonatech, a software solution for financial institutions.

DevSecOps

For Bonitasoft, software editor.

ISSP drafting

For the Town Hall of Vif, a local authority in Isère.

Cybersecurity training and awareness-raising

For the Maison de l'Enfance Bachelard childcare and leisure centre.

Cyber due diligence

For SODEXO, French multinational.

Support towards SOC 2 type II certification

For Checkstep, software editor.

In-depth audit

For Kheoos, a BtoB marketplace for industrial maintenance parts.

Outsourced timeshare CISO

For the Town Hall of Vif, a local authority in Isère.

Security software solutions

For Bonitasoft, software editor.

Cybersecurity flash diagnosis

For CountAct, technology start-up.

Outsourced timeshare CISO and DPO

For Odonatech, FinTech start-up.

Support towards ISO 27001 certification

For TECHNIDATA, medical analysis laboratory.

Cybersecurity by design

For Extellient, creator of customised digital solutions

GDPR compliance case studies

Outsourced timeshare DPO

For PST38, an inter-company occupational health service.

Outsourced timeshare CISO and DPO

For Odonatech, FinTech start-up.

Outsourced timeshare DPO

For NHTherAguix, nano-medicine start-up.

Outsourced timeshare DPO

For MARTI, publisher of a healthcare application

Project compliance study

For the Town Hall and Tourist Office of Les 2 Alpes in Isère.

GDPR training and awareness-raising

For the Maison de l'Enfance Bachelard childcare and leisure centre.

Outsourced timeshare DPO

For SATA Group, mountain resort operator.

Managing a data breach

For Présantis, inter-company occupational health service

Ask for a quote!
