IT risk and compliance management is essential to operate in many industries. It must be implemented in a systematic and organized manner to allow perfect control of operations. SCASSI engineers advise you at every step, from diagnosis to implementation, control and improvement of your devices, to ensure their compliance with regulations and your risk management policies.
SCASSI supports you in setting up a safety management system, through an approach based on the study of risks.
EBIOS risk analysis on a complete system
Risk analysis, definition and handling of security requirements on a dual-use (civil / military) system
Risk analysis on business benchmarks (ex TARA)
Support for ISO 27001 HDS certification
Organizational and physical audits
Support for the design of secure software architecture
Carrying out "tailor-made" risk analyses or packaged offers
Securing the processing of personal data (CNIL, RGPD)
Analysis and support for regulatory and normative compliance: ISO 27001, LPM, II901, RGPD, RGS, HDS, PCI-DSS
Security process: IS certification, project security, access management, etc.
Security policies and RSSI coaching
Piloting and management of safety (indicators, dashboards, master plans, etc.)
PCA and PRA: emergency strategies, management, crisis management
Provision of security requirements and specifications - AMOE AMOA
« Scassi made a significant contribution to obtaining the initial ISO 27001 certification of our Cloud Services activities, providing the appropriate advice and expertise for this strategic project. »
The information system is at the heart of the production tool. It is crucial to ensure an optimal level of protection for the company and its resources. SCASSI engineers support you in the design and optimal operation of security infrastructures. The goal: to provide applications and users with a secure and robust communication base and effectively support the business.
Infrastructure audit
Security by Design of business IS
Creation and management of a business-oriented SOC (WINSOC offer)
Optimization of ISS Infrastructures (OPTIMIZE offer)
Securing of ICS and SCADA architectures and infrastructures (PLCs, ModBUS, etc.)
II901 compliance
Vulnerability management
Access control (authentication, rights management, etc.)
L2 / L3 architecture (high availability, optimization ...)
Defense in depth, perimeter security (WAF, Proxy ...)
Monitoring & incident management (SIEM, logs, alerts, etc.)
Rights and regulations
Scassi engineers assess system resistance and support you in defining and implementing safety requirements in any industrial project, up to obtaining the necessary approvals.
Our areas of action are business IS, critical and embedded systems and IS.
Penetration tests (PENTEST):
Code audit (C / C ++, PHP, Python, Java, NodeJS ...)
Configuration audit
Joint audit (website + mobile application, IOT + management infrastructure)
Web domains, applications, systems, critical embedded, IOT, mobile
Cyber security management in software development projects
Application security audit and development practices
Development environment audit
Forensic analysis (dead or live), search for evidence, analysis of the sources of an intrusion
Software Vulnerability Analysis (SVA) methodology
Design of secure architectures OR Embedded SSI / COTS architecture
Vulnerability management: COTS mapping (ex: AUTOSAR component, linux Yocto ...), management of vulnerability flows
Penetration tests on IS and Product LifeCycle Management applications
SSI support in the certification process (DO 178C, ECSS, ARINC, etc.)
Support for securing technologies subject to Export Control
Common criteria ISO 15408 - CVE / CWE - CAPEC - OWASP - OSSTMM - ISSAF
Linux - Windows - C/C++ - PHP - JAVA Tomcat - Apache
« Given their expertise in the field, we have chosen the SCASSI teams to support us in carrying out intrusion tests on several of our embedded systems. »
« Scassi performed a code audit assignment for us. Based on a flexible and result-oriented project method, SCASSI engineers have shown adaptability and being a force for proposal. They formulated recommendations and conclusions which now constitute a reusable base in other actions to improve and secure our applications. »
SCASSI's DFIR (Digital Forensics & Incident Response) engineers work within our Security Operations Center offering a differentiated service that combines threat intelligence from different sources with incident response and digital forensics expertise.
Execution of advanced technical analysis within the Incident response process (malware analysis, traffic analysis, artifact analysis, communications analysis, digital forensics).
Crisis management, notifications and communications with third parties.
Design of templates for reports, follow-ups and dashboards for security incident communication and crisis management processes.
Design of incident response and crisis management procedures.
Support in the creation of laboratories to support the incident response service.
Writing of forensic analysis reports, threat reports and playbooks
SIEM and SOAR correlation (Azure Sentinel, IBM QRadar, ...)
Ticketing Tools (Servicedesk Plus, Jira, Remedy, ServiceNow, ...)
Forensic tools (X-Ways Forensics, Cellebrite Forensics, etc.)
Security process: IS certification, project security, access management, etc.
NIST SP 800-86, INCIBE-CERT, CCN-CERT
Linux - Windows - SCADA - mobile devices, hybrid environments