Secop global approach
Choosing the right path for defending one's IS requires a consolidated view of the level of maturity of the measures already implemented.
Synetis offers global operational security support for different subjects to cover all your needs. As part of your digital transformation, the massive adoption of the Cloud and the opening-up of your information system, our teams are able to implement the best security practices. This can also be achieved in a context where regulatory requirements are strong (Act on Military Programming, NIS, etc.). Our support ranges from Scoping to the definition of an operational roadmap , up to selecting and implementing technical solutions (scoping, PoC, RFI, RFP, deployment assistance).
The launch of a global operational security approach is generally preceded by a diagnosis combining 27002, ANSSI recommendations, regulatory requirements and organizational issues. This diagnosis can give an indication of the current level of maturity in order to define a global and pragmatic roadmap. This approach is particularly suitable for mid-sized organizations that don’t have the internal resources to have a 360° view of the security measures to be implemented. For larger organizations, this approach will enable the roadmap to be updated in the light of new threats, or the launch of new projects such as the new “workplace“, the digitalization of business processes, the adoption of the Cloud, big data, etc.
An operational security roadmap is broken down into several themes grouped by priority in order to quickly identify where to put in effort and get decision-makers on board. Some of the most common themes include network security, data protection, vulnerability management, privileged access security, access control, PCI and PSI, etc.
Once the roadmap has been drawn up, it can be implemented , with the meticulous follow-up of each project… remembering that the project itself must be carried out on time with the right level of quality but so must the “run” mode once the project is completed. Indeed, it is worth remembering that there is no point in carrying out a project and then abandoning that project due to an insufficient transfer of skills to operational teams capable of running the device.
These operational teams are sometimes part of a SOC (Security Operation Center) , in charge of monitoring via adapted measures. The overall Secop approach generally includes a review of the SoC’s level of maturity , whether internal or external, as part of its diagnosis. The main elements reviewed are: contractual commitments (or SLAs), scenarios covered and not covered, the list of assets to be taken into account, governance, tools, quality control, etc.
Synetis in its global approach can intervene either on a complete perimeter or a restricted perimeter (IS and/or organizational).