Our know-how is based on several complementary approaches to ensure the continuity of services and the security of our clients' information systems.
Transforming your fears into added value.
With the skills of its consultants, SIFARIS helps you to express your needs, understand the issues, qualify and measure the risks associated with your activity.
Recent regulations (Basel, EUROSOX, AMF) have required, for example, that credit institutions create tools to assess all risks.
All large companies are now aware of information systems security issues. Most of them entrust one or more employees with monitoring it. The Information Systems Security Manager (ISSM, also called the CISO) is the company’s “Mr Security”.
Medium-sized companies or group subsidiaries are aware of the risk situations but do not always have a dedicated CISO, as this is too expensive. The IT manager who holds this position is usually busy with day-to-day operations and does not devote the time or thought necessary to deal with this issue properly. It is for these companies that SIFARIS has developed an “outsourced CISO” offer.
This offer provides companies with a consultant specialised in ISO 27001 whose mission is to progressively raise the company’s level of security using the PDCA (Plan, Do, Check, Act) loop, in line with the company’s resources, constraints and objectives. The consultant assists the CISO or CIO throughout the year, advising and supporting them on specific issues.
Drafting the IS security policy is only one stage in establishing it; the other work required includes:
– Prior analysis of the company’s security objectives;
– The act of commitment by the management, validating these objectives;
– Analysis of the existing situation to identify the organisation and measures to be implemented;
– Drafting of the security policy;
– Drafting of the procedures relating to the policy;
– Drawing up the action plan necessary for the implementation of the security policy;
– The creation of security monitoring dashboards;
– The charter for the proper use of IT resources;
– The Cloud Computing Policy;
– The supplier policy;
– User awareness.
SIFARIS brings its know-how to each step of the security policy design and scrupulously follows the ISO 27001 standard.
SIFARIS has particular expertise in IT risk management and in internal control systems that meet regulatory requirements.
Together, we will identify your security objectives on a case-by-case basis and propose an adapted solution that takes into account the applicable frameworks:
– Banks: Basel II, LSF;
– ISO 27001/27002/27005;
– ISO 20000;
– Information Security Policy;
– Governance (Cobit).
Risk analysis:
Our risk analysis and IS diagnostic services can easily be integrated into a broader project such as the establishment of a security policy or the implementation of an IT recovery plan. For these analyses, our consultants use recognised methodologies, but can also use customised approaches adapted to your context.
The identification of security risks in projects remains an essential function for companies and taking them into account, from the design stage, is a major challenge for reducing risks.
SIFARIS aims to support its clients in terms of security in IS project management.
The scope of application of the integration of security in projects is based on:
– Business applications to be developed and/or integrated;
– Business software packages to be integrated;
– The information system infrastructure elements to be implemented;
– The methods of applying risk management must be specified at the start of the project.
We ensure that the service provider provides a level of security in accordance with the state of the art in each of the technologies implemented.
Here is a (non-exhaustive) list of applicable rules:
– Application environment kept up to date in line with the applicable recommendations;
– Application of the patches issued by software vendors;
– Rigorous control of user input (format and content);
– Securing access to administration functions;
– Installation of the minimum number of functions necessary at the time of installation;
– Principle of least privilege;
– No passwords or other secrets hard-coded in the source code;
– Implementation of effective error handling.
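As an added illustration of three of the rules above (control of user input in format and content, no passwords in the code, effective error handling), the following Python snippet is example code written for this page and not SIFARIS material; the client-reference format, the reserved prefix and the `APP_DB_PASSWORD` variable name are constructed assumptions.

```python
import logging
import os
import re

# Format rule (constructed for this example): a client reference is exactly
# eight upper-case alphanumeric characters. Adapt to the real format.
CLIENT_REF = re.compile(r"[A-Z0-9]{8}")


class InputRejected(ValueError):
    """Raised when user input fails the format or content check."""


def validate_client_ref(value):
    """Check format and content before the value reaches any back end."""
    if not isinstance(value, str) or not CLIENT_REF.fullmatch(value):
        raise InputRejected("client reference has an invalid format")
    # Content rule (constructed): the ADM prefix is reserved for internal use
    # and must never be accepted from an external user.
    if value.startswith("ADM"):
        raise InputRejected("client reference uses a reserved prefix")
    return value


def database_password(env=os.environ):
    """Read the secret from the deployment environment, never from source."""
    secret = env.get("APP_DB_PASSWORD")
    if not secret:
        raise RuntimeError("APP_DB_PASSWORD is not set in the environment")
    return secret


def handle_lookup(raw_ref, lookup):
    """Effective error handling: full detail goes to the log, the caller
    only receives a generic message, so no internal detail leaks."""
    try:
        ref = validate_client_ref(raw_ref)
        return {"status": "ok", "data": lookup(ref)}
    except InputRejected as exc:
        logging.warning("rejected input: %s", exc)
        return {"status": "error", "message": "invalid request"}
    except Exception:  # any back-end failure: log it, hide it from the user
        logging.exception("lookup failed")
        return {"status": "error", "message": "internal error"}
```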
SIFARIS, in view of the business processes and IS issues at each stage, is able to provide you with personalised, value-added advice:
– Organisational security audits;
– SWIFT audits;
– Studies of the risks weighing on your information system;
– Awareness, communication and training on information security within your company.
SIFARIS helps you to control cyber risks by intervening to ensure and organise your company’s compliance while optimising your information management processes and putting in place a set of measures to comply with the various laws, regulations and sectoral or contractual requirements.
SIFARIS tests your company’s resilience and identifies your security weaknesses by testing your security systems through:
– Simulating an attack through penetration testing and social engineering;
– Security audit of your information system to identify vulnerabilities in your organisation’s systems, networks and cloud environments.
We also measure the performance of your monitoring processes and security teams through Red Team exercises.
Detect security incidents quickly and prevent potential cyber-attacks before they occur, in order to protect all your data and reduce your exposure to cyber risks.
SIFARIS assists you in setting up a threat detection and cyber incident response system to better anticipate the future.
We identify the source of malicious activity following an incident or a breach, or as part of a dispute involving digital evidence. Whether the aim is to fight digital fraud or unauthorised use of the information system, the causes are many and the consequences for the company’s activities can be serious. SIFARIS helps you recover digital evidence in accordance with legal procedures.
SIFARIS supports its clients in a global reflection aimed at integrating security into the company’s strategy and the practice of their business.
Data theft is a threat that weighs increasingly on companies. The principle remains simple: a vulnerability is exploited to give an attacker access to the information system, typically through a phishing email. Once inside your servers, the attacker neutralises your defensive tools, in particular data backups, exfiltrates your data, and then generally encrypts it directly on your information system, making it unusable for you.
The attacker’s aim is to demand a ransom from you in exchange for restoring access, not only to your data but sometimes also to your servers.
The best way to manage a crisis is to be prepared for it
This type of incident can have disastrous consequences on a company’s activities, affecting in particular the motivation of its staff, its customers, its assets and its reputation. SIFARIS supports you in this crisis situation.
Expert support can be a key element in the management of crisis situations and a valuable aid in negotiating and minimising the risks involved in this type of incident. Managing a crisis situation requires specific skills based on a dual approach: consulting and cyber protection.
Immediate access to the expertise of specialist crisis management consultants who advise you on the sensitive and complex issues surrounding a cyber attack. The expertise of the consultants helps companies to better ensure crisis management and decision making in the face of a Cyber attack. It is also a source of quality advice to COMEX members when such incidents occur.
We support the remediation of your information system and help you set up the right level of cyber protection in your company (action plan, assessment of your risks and your exposure on the Internet, state of the threat, identification of the threat, employee awareness).
SIFARIS’ strategic intelligence unit aims to support companies in implementing genuine strategies for monitoring and deciphering information, anticipating and preventing malicious acts, managing perceptions and image, and corporate social responsibility.
Strategic intelligence (i.e. economic intelligence applied for the benefit of all organisations, not just companies) must therefore make it possible to anticipate in order to design and take major decisions guaranteeing the company’s long-term survival and sustainable development. It also contributes to the execution of the strategy (via influence communication actions). Finally, it must ensure the protection of sensitive information. The purpose of economic intelligence is to:
– Build or improve monitoring systems (in particular by refining the methodology, sources, extending the networks of experts, insisting on the work of mapping actors – in particular the relational dynamics uniting legal or physical persons);
– Protect employees, sites and the information capital of companies against malicious acts;
– Positively shape the organisation’s environment, in strict compliance with the legal and ethical framework, in order to build a valuable image that generates global added value for the development of a brand and the network of actors and structures that make it up.