To help companies and public organizations bring their cybersecurity to the right level, Sogeti has developed a systemic approach to cybersecurity that combines Assessment services, Consulting, Architecture and Solutions Deployment, Monitoring capabilities, Analytics and Mitigation / Remediation services.
Security of information systems is a cross-cutting issue in the company. It involves the information systems department, the human resources department (for rights management), the finance department (for regulatory compliance issues), the security department (for industrial security and premises security), the communication department (crisis management), the legal department (partnership contracts, subcontracting and service provision where security is involved), and so on. It therefore also involves general management, which carries the corresponding legal responsibilities. In practice, responsibility lies with the Chief Information Security Officer, who must take into account the constraints of all the above-mentioned stakeholders.
In addition, information system security is not merely a technical problem. It is a combination of technical issues (estimated 25%), organizational issues (estimated 50%) and legal issues (estimated 25%). To improve the security of an information system, these three dimensions must be addressed, plus a fourth - the company’s business, for which this information system was created.
The protection system operates as a closed loop, which guarantees continuous improvement, as part of the Plan/Do/Check/Act approach. This means that the level of security maturity achieved by the company can be measured from the outset and at any time thereafter, which gives leaders a clear vision of the company’s security and of any residual risks. It guarantees an extremely rapid, pre-prepared reaction to incidents, which may quickly lead to adapting the organization or the technical devices installed.
Our systemic approach encompasses:
Assessment & Audit: Identification of risks and vulnerabilities and level of security maturity.
Policy & Governance: Consulting services aiming at risk analysis, security policy development, awareness, training & organization.
Architecture & Integration: Definition of target architecture and implementation of its security components.
Monitoring and Analytics: Visibility into all information system security incidents requiring corrective action and security maintenance; detection of events likely to indicate hostile behavior.
Remediation & Crisis Management: End-to-end crisis management (typically after a massive attack or infection).