Our know-how is based on several complementary approaches to ensure the continuity of services and the security of our clients' information systems.
Transforming your fears into added value.
With the skills of its consultants, SIFARIS helps you to express your needs, understand the issues, qualify and measure the risks associated with your activity.
Recent regulations (Basel, EUROSOX, AMF) have required, for example, that credit institutions create tools to assess all risks.
All large companies are now aware of the problems of information systems security. Most of them entrust one or more of their employees with the task of monitoring this. The Information Systems Security Manager (ISSM) is the company’s “Mr Security”.
Medium-sized companies or group subsidiaries are aware of the risk situations but do not always have a dedicated CISO, as this is too expensive. The IT manager who holds this position is usually busy with day-to-day operations and does not devote the time or thought necessary to deal with this issue properly. It is for these companies that SIFARIS has developed an “outsourced CISO” offer.
This offer provides companies with a consultant specialised in ISO 27001 whose mission is to progressively increase the company’s level of security while using the PDCA (Plan, Do, Check, Act) loop according to its resources, constraints and objectives. He or she assists the CISO or CIO throughout the year to advise and support him or her on specific issues.
The drafting of an IS security policy is only one of the stages in the establishment of this policy, where other work is necessary:
– Prior analysis of the company’s security objectives;
– The act of commitment by the management, validating these objectives;
– Analysis of the existing situation to identify the organisation and measures to be implemented;
– Drafting of the security policy;
– Drafting of the procedures relating to the policy;
– Drawing up the action plan necessary for the implementation of the security policy;
– The creation of security monitoring dashboards;
– The charter for the proper use of IT resources;
– The Cloud Computing Policy;
– The supplier policy;
– User awareness.
SIFARIS brings its know-how to each step of the security policy design and scrupulously follows the ISO 27001 standard.
SIFARIS has particular expertise in the area of IT risk management and internal control systems that meet regulatory requirements.
Together, we will identify your security objectives on a case-by-case basis and will propose an adapted solution that takes into account the
– Banks: Basel II, LSF;
– ISO 27001/27002/27005;
– ISO 20000;
– Information Security Policy;
– Governance (Cobit).
Risk analysis:
Our risk analysis and IS diagnostic services can easily be integrated into a more global project such as the establishment of a security policy or the implementation of an IT recovery plan. For these analyses, our consultants use recognised methodologies, but can also use customised approaches adapted to your context within the framework of an IT recovery plan.
The identification of security risks in projects remains an essential function for companies and taking them into account, from the design stage, is a major challenge for reducing risks.
SIFARIS aims to support its clients in terms of security in IS project management.
The scope of application of the integration of security in projects is based on:
– Business applications to be developed and/or integrated;
– Business software packages to be integrated;
– The information system infrastructure elements to be implemented.
The methods of applying risk management must be specified at the start of the project.
We ensure that the service provider provides a level of security in accordance with the state of the art in each of the technologies implemented.
Here is a (non-exhaustive) list of applicable rules:
– Application environment maintained taking into account the recommendations;
– Application of patches by publishers;
– Rigorous control of user input (format and content);
– Securing access to administration functions;
– Installation of the minimum number of functions necessary at the time of installation;
– Principle of least privilege;
– Use of passwords in the code prohibited;
– Implementation of effective error handling.
SIFARIS, in view of the business processes and IS issues at each stage, is able to provide you with personalised, value-added advice:
– Organisational security audits;
– SWIFT audits;
– Studies of the risks weighing on your information system;
– Awareness, communication and training on information security within your company.
SIFARIS helps you to control cyber risks by intervening to ensure and organise your company’s compliance while optimising your information management processes and putting in place a set of measures to comply with the various laws, regulations and sectoral or contractual requirements.
SIFARIS tests your company’s resilience and identifies your security weaknesses by testing your security systems through:
– Simulating an attack through penetration testing and social engineering;
– Security audit of your information system to identify vulnerabilities in your organisation’s systems, networks and cloud environments;
– Measuring the performance of your monitoring processes and security teams through Red Team exercises.
Detect security incidents quickly and prevent potential cyber-attacks before they occur, in order to protect all your data and reduce your exposure to cyber risks.
SIFARIS assists you in setting up a threat detection and cyber incident response system to better anticipate the future.
Identifying the source of malicious activity as a result of an incident, a breach or as part of a dispute involving digital evidence. Whether it is to fight against digital fraud or unauthorised use of the information system, there are many causes and they can have serious consequences on the company’s activities. SIFARIS can help you recover digital evidence in accordance with legal procedures.
SIFARIS supports its clients in a global reflection aimed at integrating security into the company’s strategy and the practice of their business.
Data theft is a growing threat to businesses. The principle is simple: a cyber attacker sends a phishing-type e-mail to exploit a vulnerability that exposes your information system. This enables the attacker to fraudulently gain access to your servers and neutralize all the tools, particularly data backup tools, before exfiltrating your data and encrypting it directly on your information system, rendering it unusable for you.
One of the attacker’s objectives is financial: demanding a ransom in order to give you back access not only to your data, but sometimes also to your servers.
The best way to manage a crisis is to be prepared for it
Such incidents can have disastrous consequences for a company’s activities, affecting the motivation of its staff, its customers, its assets and its reputation. SIFARIS can support you in this crisis situation.
Expert support can be a key element in managing crisis situations, and a valuable aid in negotiating and minimizing the risks involved. Managing a crisis situation requires specific skills based on a dual approach: consulting and Cyber protection.
The uncertainty surrounding Cyber incidents can be overwhelming for a manager or his or her executives, but with SIFARIS by your side, you won’t be alone. Our team of experts will guide you every step of the way. Crisis management requires a close partnership to minimize risk, protect your reputation and ensure your business returns to normal quickly and efficiently.
Assess your risks and identify your Cyber and organizational vulnerabilities by planning a Cyber diagnostic with SIFARIS to ensure your crisis management is successful, not forgetting to train and raise awareness of your teams in best Cyber security practices to reduce the risk of incidents.
Alert and detect to quickly identify signs of incidents, respond and coordinate actions by mobilizing internal teams (business and technical) when the crisis plan is activated. Internal and external communication to keep customers, employees and the authorities informed of the extent of the incident and the progress made. At the same time, digital analysis will determine the origin and scale of the incident while preserving accumulated evidence.
Re-establish and restore services, data and systems affected by the Cyber incident. Managing communication with stakeholders, including customers, employees, partners and authorities, is vital, and must be as efficient and transparent as possible. Then comes learning and post-mortem analysis of the incident, to identify flaws and improve the system and future procedures.
Responding to cyber attacks
Faced with the growing complexity of cyber threats, SIFARIS opens up its network of experts to you. These specialized consultants offer tailored “Cyberattack” crisis management support. Among other things, they assess the internal impact on the company and provide advice to support the manager and/or his staff. Acting as the interface with the cyber teams, they provide information on the issues at stake, and propose strategies according to the stages of resolution, thus preserving management’s decision-making capacity.
We support the remediation of your information system and help you to set up the right level of cyber protection in your company (action plan, assessment of your risks, your exposure on the Internet, state of the threat, identification of the threat, employee awareness).
SIFARIS’ strategic intelligence unit aims to support companies in implementing genuine strategies for monitoring and deciphering information, anticipating and preventing malicious acts, managing perceptions and image, and corporate social responsibility.
Strategic intelligence (i.e. economic intelligence applied for the benefit of all organisations, not just companies) must therefore make it possible to anticipate in order to design and take major decisions guaranteeing the company’s long-term survival and sustainable development. It also contributes to the execution of the strategy (via influence communication actions). Finally, it must ensure the protection of sensitive information. The purpose of economic intelligence is to:
– Build or improve monitoring systems (in particular by refining the methodology, sources, extending the networks of experts, insisting on the work of mapping actors – in particular the relational dynamics uniting legal or physical persons);
– Protect employees, sites and the information capital of companies against malicious acts;
– Positively shape the organisation’s environment, in strict compliance with the legal and ethical framework, in order to build a valuable image that generates global added value for the development of a brand and the network of actors and structures that make it up.