Audit

SEC-IT is PASSI qualified: a Trusted Service Provider for auditing activity. The PASSI qualification is the French State's endorsement of audit services that have been assessed and approved by the French National Agency for Information Security (ANSSI). The PASSI specifications ensure that the qualified service provider complies with the audit standard (ISO 19011) and with best practices in technical and organizational vulnerability assessment.

The reports are written in a way that makes the findings and recommendations easy to understand. Our reports are oriented towards an audience of decision-makers, in order to facilitate their decisions. We focus on the relevance of the recommendations and their feasibility, especially when we work with small and medium-sized companies.

Architecture audit

To check the security of network, system and cloud architectures

Configuration audit

To check the configuration of network equipment, IT and application servers, and endpoints

Organizational Audit

To assess the cyber maturity and standards compliance within the organization

Subcontracting audit

To assess the security of your data entrusted to your suppliers and subcontractors

Penetration testing

Our evaluation and audit method is designed to meet the expectations of big companies and also to adapt to organizations that are not experts in IS security, particularly SMBs and businesses undergoing digital transformation.

The reports are written in such a way as to make the findings and recommendations easy to understand. Our reports are oriented towards an audience of decision-makers, in order to facilitate their decisions. Our audit teams are built to guarantee the consistency of the findings, the relevance of the recommendations and the feasibility of their implementation.

As standalone engagements or as a package, we carry out:

Web Penetration Test

To assess the security of your web applications and APIs

Infrastructure Penetration Test

To assess the security of your IT infrastructure and network: workstations, servers, network equipment, file shares, Active Directory.

Mobile Application Penetration Test

To assess the security of your Android apps

Cloud Penetration Test

To assess the security of your AWS, Azure, M365 and GCP cloud environments

Consulting and governance

Security is now essential to the entire chain of products and services. Our feedback and expertise cover both normative standards (ISO 27001/27002, NIS, NIST, GDPR, cyber frameworks and state guidelines, etc.) and the security requirements imposed on subcontractors by their customers.

To define and achieve your security objectives, we offer end-to-end monitoring, realistic solutions and a fair balance between the implementation of controls and their impact on your activities. Through concrete, operational awareness training for your teams, we promote the adoption of a digital security culture in your organization.

We bring the following expertise and perform:

Creating the cyber foundations

To answer the question "Where to start with Cyber Security?"

Risk analysis

To assess cyber risks and build a risk treatment plan, using EBIOS, EBIOS Risk Manager (EBIOS RM) or ISO 27005

Global Information Security Policy (GISP)

Definition and drafting of the policy document, together with an action plan for the concrete implementation of the Global Information Security Policy

Information Security Assurance Plan (ISAP)

Definition and drafting of the document gathering the security objectives and controls to implement for a project or an outsourced service

Action Plan - Remediation

How to fix the flaws highlighted in an audit report? Where are the priorities? Will my team be able to deal with them?

Resilience and business continuity

Implement the "Prepare-Detect-React" approach to ensure disaster recovery in the event of a cyber-attack

Information systems acceptance

To meet the requirements of the French General Security Framework (RGS), we prepare all or part of the approval file.

Training

The training sessions are carried out by SEC-IT employees in order to share their skills and feedback from the field.

Our modules are designed to teach in a lively, concrete way. Learners work on practical cases drawn from the real world, with feedback from the trainer.

We focus our training actions on:

  • The skills development of future cyber team members in the company
  • Taking into account cyber risks and needs in IT and information systems projects

Depending on the theme, our sessions are aimed at:

  • To the business and project management functions: Team Manager, Department Manager, Project owner, Business analyst, Program Director, Project Manager, Dev Lead, Testers...
  • To the technical profiles wishing to acquire best practices in secure software development, IT configuration and administration, or audit (penetration tests)

Become a cyber team member

The cyber team member, as an internal player in the company, brings their business knowledge and contributes to the control of cyber risks.

Manage Information Security in new projects

To understand and master the security needs of the IS and the cyber risks during the implementation of an information system.

Secure software development

Master the principles and best practices of secure development. Know the classic vulnerabilities in order to protect against them.

Introduction to hacking techniques

Learn the methodology of Ethical Hacking and understand common attacks and vulnerabilities.

Cyber security in IT operations (SecOps)

We provide SEC-IT cyber security skills and expertise for build and run activities, in roles such as:

  • Project owner assistance
  • Project managers
  • Cyber tech leaders, cyber team members, pentesters
  • IT infrastructure security administrators (network, systems, endpoints)
  • Cloud security administrators (Azure, AWS, GCP, O365)
  • SOC and incident response team skills (Level 1 to Level 3)