ITrust Security Metrics
Based on ISO 27001, CVSS 2.0 requirements and security best practices, ITrust Security Metrics is a reliable and cost-effective label that helps organizations prove their level of commitment to the security of the data they operate.
Secure your websites and networks – Reassure your customers
The delegation of IT resources to a third party, such as a migration to the cloud, may lead to a loss of control over the information system. This can occur in a complex environment, framed by a significant regulatory context: CNIL, E-Privacy, DMP, HDS, SoX, Basel III, PCI, ISO 2700X/27001, HIPAA, SAS70.
For the customer, the challenge of the cloud and of extended, distributed computing is to keep control of its outsourced data by controlling SLAs and service quality, and through them the confidentiality and integrity of that data.
ITrust Security Metrics is a service offered by ITrust to independently establish the security level of an architecture according to criteria and objectives based on international standards.
The principle is to scan the company’s websites and/or networks with IKare in order to detect flaws and vulnerabilities, and to jointly conduct a security policy with the support of ITrust security engineers.
A label is then generated and posted on the company’s website to prove to its customers the rigorous efforts it undertakes to maintain a maximum level of security.
Advantages
- Identification of vulnerabilities
- Supervision of system updates
- Verification of security and integrity controls
- Detailed reporting with the IKare solution
- Conducting “on-demand” scans to ensure correction
- Traceability of corrections made
- Organisational support by specialised security engineers
- Strengthen your customers’ confidence in your efforts to maintain a maximum level of security
Description of the label
The label is based, on the one hand, on the SaaS software solution IKare (security monitoring developed by ITrust, labelled by Oséo) for vulnerability scans and security controls, and, on the other hand, on the ISO 27001 and 27002 standards for good management practices.
The ITrust Security Metrics label guarantees that the information system is configured and operated according to the best security practices and complies with regulations and the state of the art.
ITrust Security Metrics is available in four levels of certification:
Criteria / Requirements | Level 1 | Level 2 | Level 2+ | Level 3 | Level 4 |
---|---|---|---|---|---|
Vulnerability scan (via IKare) | 1/week | 3 days | 3 days | 2 days | 1/day |
Vulnerability remediation timeframes | 1 week | 3 days | 3 days | 48h | 24h |
Physical Security | √ | √ | √ | ||
Asset Management | √ | √ | √ | ||
Communications and Operations Management | √ | √ | √ | ||
Access control | √ | √ | |||
Incident Management | √ | √ | |||
Security policy | √ | √ | |||
Organization of the security function | √ | √ | |||
Human Resources | √ | √ | |||
Disaster recovery and business continuity | √ | √ | |||
Compliance | √ | √ | |||
ISO 27001 customer accreditation | √ |
Our clients say it better than we do:
We have always been aware of the importance of security for our customers, and it is only natural that we have turned to ITrust to provide them with an additional guarantee. Today, the implementation of monitoring and performance management tools coupled with a Vulnerability Management solution allows us to secure our infrastructures to 99%.
Thanks to the audits carried out by ITrust, we realized that some security flaws were not detected until now by our IT manager, who is both judge and jury.
The implementation of the IKare label via the trusted third party ITrust is a real plus for our customers. It guarantees them our total transparency in terms of security.