Security of information systems
Today, the information system is a challenging component of data protection because it guarantees the trust of customers and users.
Definition of the scope
The preliminary and indispensable stage of a security policy
Mappings of the IS
LOB carries out a complete mapping of the network (LAN, WAN, Internet access, redundancy, flow…). This mapping can be completed by an analysis of personal data flows and their control within the framework of the GDPR. It allows us to comprehend the overall configuration of the information system, which is an essential step for any security policy.
LOB assesses the vulnerability of the IS to an external attacker. The objective is to try to exploit the technical vulnerabilities of the IS in order to:
- Access the internal network and sensitive confidential information (business, emails…)
- Take control of a resource
During these tests, several elements are evaluated such as the robustness of the machines, the security of the services/applications, the perimeter security elements, the security of the authentication systems…
This audit evaluates the level of security of an information system (IS) in several real-life situations.
It involves identifying problems related to the IT infrastructure, the security of workstations, ancillary services deemed to be poorly or inadequately secured, environmental compartmentalization defects, poor configurations, etc…
A fast and close support to our customers to provide serenity and adapted answers
LOB can take action to respond to an emergency following a security incident.
Depending on the nature of the incident, our consultants will be able to:
- Identify as far as possible the source of the intrusion / Forensic
- Conduct a systems inventory
- Measure the extent of the attack and stop it
- Recover the data and ensure the integrity of the IS to ensure rapid restart
- Make preventive and corrective recommendations
The objective is to carry out targeted attacks to stimulate “human failures”. For example by sending malicious emails (phishing, malware attachments) or by using the remote connection tools used by the teams.
This type of audit makes it possible to assess the awareness and responsiveness of the teams to attacks as well as the internal reporting of alerts.
This audit phase is followed by a restitution and awareness-raising to good practices.
- Identify, map sites, blogs, forums/web-based information of particular interest or threat
- Collect as much information as possible on the technical, organisational, legal and financial ecosystem and define indicators or tools to measure their activity
- Monitor these places of exchange, whether commercial or not, in order to detect any changes, modifications to their organisation or proposals
- Make recommendations for action on the basis of the information collected and the observations made
Our operational experience and know-how to raise awareness among your teams
Advice and training
LOB supports its customers during all phases of implementation or improvement of the security of their information systems. In this context we offer:
- An analysis of security needs
- Support in the choice of security products
- A risk analysis, development of security policies and implementation of your business continuity plan
- Training in order to identify and react appropriately to security threats, incidents or alerts and to apply good practices
LOB LINE OF BUSINESS
3 rue Pierre Demours
75017 Paris, France
+33 (0) 1 58 62 10 23