PILOT – Cyber Strategy
Cybersecurity has become a key issue for every organization (firm, etc.). Faced with the multiplication of cyber attacks and the massive information leaks observed on a daily basis, organizations remain vulnerable and exposed...
P1: Define your strategic and operational Cyber roadmap
The Roadmap is a multi-annual programme composed of prioritised, arbitrated and budgeted projects over a period of 3 years. The Roadmap aims to address the following issues:
- What are my company’s strategic business orientations?
- What are my major risks and my current Cyber maturity?
- What are the potential major threats my company needs to prepare for?
- What cyber security strategy should be implemented to address this?
- Which programme and projects for the 3 years?
- How should they be prioritized and budgeted?
Working with Synetis means keeping end-to-end support capacity (Consulting, Integration, Digital Identity, Operational Security, technical audits, forensics), from the strategic roadmap through to operations. Since we master and integrate all the security layers of an Information System, our roadmaps are pragmatic and operational.
Synetis has supported many companies in the mass distribution, construction and luxury sectors in this sizing exercise, with a commitment to results, over assignments of 45 to 120 days.
P2: Modeling processes and cyber activities
You manage your cyber security activities in silos and through Excel files that do not give you a cross-functional and correlated view. As with a heavy CRM tool (Archer, ServiceNow), you wish to have a cross-functional and correlated view of your activities. Modeling activities and processes within a low-code solution brings agility and flexibility of execution in custom mode. Synetis supports you from the definition of your needs (AMOA) to their operational translation (MOE) in the solution.
Examples of achievements: integration of security into projects; annual management of audits and slopes.
P3: Define your ISMS and support you through 27001 certification of your company or services
Synetis supports you, in co-construction mode, from the initial diagnosis to the mock audit that prepares for certification. Certifying a perimeter such as an activity or a service requires mobilizing all the actors of the company, with sponsorship at the highest level. Change management is a key element in the success of such a project. Defining, implementing and controlling an ISMS involves a significant effort to document actions and evidence. Synetis, has a
P4: Define or overhaul your thematic policies and security procedures
Unfortunately, Synetis notes that this area is still relevant and remains a weak point for a large number of companies:
- No security process defined;
- A rule base that is too heavy and contradictory, with several hundred rules that in the end are not applied;
- Absence of thematic security policies (teleworking, classification, incidents and crisis, identity and access management, third party management, etc.);
- Obsolete policies;
- Procedures that are not formalized and remain in the minds of experts;
- Obsolete or incomprehensible security rules;
- Lack of management of exceptions/derogations.
Synetis, thanks to its ability to handle security domains end to end, can address the subject globally or specifically, from modeling your rules for diagnostic purposes to revising or writing your rules, based on the one hand on the major market standards and references (ANSSI, hygiene guide, NIST, NIS, EIOPA, 27002, 27001, …), and on the other hand tailored to the operational practices of your experts.