Managing information system security

Compliance without revolution (GRC)


Presentation of our offer

What does our information security offer include?

Our objective: continuous improvement of your security and availability while respecting your existing systems and constraints.

Assessing your ISS

We survey your ISS maturity and practices

  • What are your business processes?

  • What are your main risks?

  • What are the standards in your industry?

We analyze your company's processes, risks and ISS practices.
We identify potential vulnerabilities with the team.

Creating a document repository

Security standards recommend integrating the security dimension upstream of projects, in the design phases, as part of a security-by-design approach.

Documentation must be drafted for:

  • Insurance companies (in support of questionnaires)

  • Clients (certification elements)

  • Service providers internal (understanding of security issues and practices)

Defining and implementing an improvement plan

This includes identifying the technical or organizational actions to be taken. We implement this plan with the customer's service providers (project mode, delegated project management mode), and we monitor it.

Writing up your ISSP

We draw up your information systems security policy.

We assist you in setting up processes and monitoring dashboards accordingly.

Benefits

How Isitix can help you secure your infrastructures

Our offer has been designed to meet the ever-changing needs of our customers.

We bring you our experience in security architecture and organization.

In this way, we integrate the functional bricks best suited to your existing systems, such as:

  • IDS, IPS, SIEM, EDR

  • Backup and recovery plan

  • Identity access management

We also reconcile the formal aspects of security standards (ISO, PCI-DSS) with your organization's operational security.

  • Find pragmatic solutions that integrate with your existing systems to strengthen your ISS, and invest where necessary

  • Formalize your ISS practices, assess your level of ISS protection and be able to comply with your customers' ISS framework

  • Prepare for ISO27001, PCI-DSS, HDS or other certification depending on the clients' requirements

  • Anticipate problems and learn how to manage incidents and crises

Information Security Policy

Download the index of an Information Security Policy document, written by our team


Case study

A digital start-up

Customer issues

Formalize its security and adapt it to the needs of key account customers and prospects.

The context is that of a start-up with small teams and limited resources.

Context and constraints

This start-up markets a digital service to key accounts.

Business growth and the strategic importance of the service for its customers led those customers to audit the start-up and provide it with security questionnaires and a framework to respect.

4 elements must be taken into account:

  • A small team and limited resources with little key account culture

  • A complex and evolving technological environment

  • Highly formalized customer requirements and significant risks

  • A certain urgency

Proposed solution

We draw up a security policy that is as close as possible to the existing situation and available resources, but in line with customer requirements.

At the same time, we maintain an inventory of discrepancies and of work to be carried out or in progress, and we urgently carry out projects concerning the most significant deviations.

A number of projects have therefore been carried out:

  • Interviewing teams and collecting existing data

  • Definition of the ISSP plan and joint drafting with internal teams

  • Gap identification and monitoring, workload and security operating processes

  • Creation of an audit repository

The gain

Isitix's intervention enabled the start-up to break a deadlock. The start-up obtained the customer's stamp without going out of business, while continuing to produce.


Our service enabled the start-up to adopt a formalized security approach, while meeting the expectations of its major customers.
