Preserve your vital activities
As part of its European strategy to combat cybercrime, in February 2013 the European Commission adopted a proposal for a directive aimed at ensuring a common high level of information network security in the Union. The organisations concerned must :
- Take preventive measures, of a technical and organisational nature, to detect and manage risks threatening the security of their computer networks and systems (RSI)
- Notify the competent authority, without undue delay, of “incidents that have a significant impact”. These are incidents that affect the security and continuity of a network or information system and result in a significant disruption of essential economic or societal functions.
- Be able to ensure that market participants comply with the obligations. These authorities should therefore be given powers to issue binding instructions and to require market participants to provide evidence of the effective implementation of security policies, such as the results of an audit carried out by an independent qualified body or a national authority.
If the computer networks of major banks, telecommunications operators, airports, EDF, SNCF (…) were to fall victim to a cyber attack, the consequences for France could be dramatic. Cities plunged into darkness, emergency services impossible to reach, planes grounded, economic activity in slow motion… The country would be paralysed, its citizens in danger. The state is therefore keeping a close watch on these companies classified as vital importance operators (VIOs).
You’re looking for:
- Obtain and/or maintain your compliance with the Military Programming Act
- Guarantee the continuity of service of your information systems by auditing your infrastructure, studying PRA and PCA, analysing certain products, identifying business risks, etc.
- Fight against fraud through behavioural analysis of your employees, fight against fraudulent data extraction
- Maintain your brand image
- Manage your security on a daily basis, control your ISSP and your risks with synthetic business indicators. Respond quickly to internal control with real-time indicators or bring your IS into compliance with regulations and provide your management with reliable indicators directly from the field.
- Fight against PTAs and viruses that threaten the availability of your IS
- Verify the security of your applications and websites through vulnerability audits, code audits or intrusive audits.
ITrust offers solutions made for you
Vulnerability auditing is carried out by an ITrust security engineer. He tests for you the vulnerability of your applications, websites or IS. He then goes up the vulnerabilities of your systems and establishes a detailed report for their correction.
Advice and expertise : assistance in writing the IS security policy and associated documents (incident and crisis management procedure, BCP/PRA)
Vulnerability Scanner : The IKare solution allows you to continuously monitor your safety and indicators according to the rules imposed by the ANSSI. IKare maps your network and very quickly identifies the critical components of your IVIS. IKare continuously analyzes IT networks and detects badly configured equipment, failures or weak passwords and non-updated applications. It classifies vulnerabilities by criticality levelIKare maps your network and very quickly identifies the critical components of your IVIS. IKare continuously analyzes IT networks and detects badly configured equipment, failures or weak passwords and non-updated applications. It classifies vulnerabilities by criticality level
Services : support in the certification process – risk analysis (FEROS), security operating procedure, audit of information systems of vital importance (SIIV)
Behavioural analysis : The Reveelium solution, a behavioural analysis tool, is perfectly adapted to PDIS SOCs. It is able to detect any unknown malevolence such as APT, malware, espionage… We also evaluate the detection capacity of your PDIS SOC by a Stress Test SOC.
Dashboard : the IKare solution, a vulnerability scanner, helps to maintain the good practices in IT security imposed by the ANSSI (support for the implementation of these good practices: encryption of your data and information exchanges / hardening of the configuration of your workstation / writing of security needs expression booklets / study of security solutions)
- Very strong experience in the defence sector
- We provide security for several departments
- Our sovereign technology solutions are not subject to the Patriot Act.
- ITrust is a trainer in ISO 27001, ISO 27005, standards applied in the banking field.