We perfom technical and organizational assessments on cybersecurity for information systems. The reports are written in a way that makes the findings and recommendations easy to understand. Our reports are oriented towards an audience of decision-makers, in order to facilitate their decisions. We focus on the relevance of the recommendations and their feasibility, especially when we work with small and medium-sized companies.
Architecture audit
Check the security of network, system, cloud architectures
Configuration audit
Control the settings of network equipments, IT and applications servers, endpoints
Organizational Audit
To assess the cyber maturity and standards compliance within the organization
Subcontracting audit
To assess the security of your data entrusted to your suppliers and subcontractors
Our evaluation and audit method is designed to meet the expectations of big companies and also to adapt to organizations that are not experts in IS security, particularly SMBs and businesses undergoing digital transformation.
The reports are written in such a way as to make the findings and recommendations easy to understand. Our reports are oriented towards an audience of decision-makers, in order to facilitate their decisions. Our audit teams are built to guarantee the consistency of the findings, the relevance of the recommendations and the feasibility of their implementation.
In a unitary or packaged way, we carry out:
Web Penetration Test
To assess the security of your web applications and APIs
Infrastructure Penetration Test
To assess the security of your IT infrastructure and network: workstations, servers, network equipment, file shares, Active Directory.
Mobile Application Penetration Test
To assess the security of your Android apps
Cloud Penetration Test
To assess the security of your AWS, Azure, M365, GCP Cloud environments
Security is now essential to the entire chain of products and services. Our feedback and expertise focus both on normative standards (ISO 27001/27002, NIS, NIST, GDPR, cyber frameworks and states guides, etc.) and on the security requirements imposed on subcontractors by their customers.
To define and achieve your security objectives, we offer end-to-end monitoring, realistic solutions, a fair balance between the implementation of controls and their impact on your activities. Through concrete and operational awareness of your teams, we promote the adoption of digital security culture in your organization.
We bring the following expertise and perform:
Creating the cyber foundations
To answer the question "Where to start with Cyber Security?"
Risk analysis
To assess and build a cyber risk treatment plan. EBIOS, EBIOS Risk Manager (EBIOS RM) or ISO 27005
Global Information Security Policy (GISP)
Definition, drafting of the document and action plan for the concrete implementation of the Global Information Security Policy
Information Security Assurance Plan (ISAP)
Definition and drafting of the document gathering the objectives and security controls to implement for a project or a service externalisation
Action Plan - Remediation
How to fix the flaws highlighted in an audit report? Where are the priorities? Will my team be able to deal with them?
Resilience and business continuity
Implement the "Prepare-Detect-React" approach to ensure disaster recovery in the event of a cyber-attack
Information systems acceptance
To meet the requirements of the French General Safety Regulation (RGS), we carry out all or part of the approval file.
The training sessions are carried out by SEC-IT employees in order to share their skills and feedback from the field.
Our modules are built to transmit in a lively and concrete way. Practical cases from the real world are offered to learners with feedback from the trainer.
We focus our training actions on:
Our sessions are addressed according to the theme:
Become a cyber team member
The cyber team member, as an internal player in the company, brings its business knowledge and contributes to the control of cyber risks.
Manage Information Security in new projects
To understand and master the security needs of the IS and the cyber risks during the implementation of an information system.
Secure software development
Master the principles and best practices of secure development. Know the classic vulnerabilities in order to protect against them.
Introduction to hacking techniques
Learn the methodology of Ethical Hacking, take ownership of common attacks and vulnerabilities.
To bring SEC-IT cyber security skills and expertise for build and run activities such as: