European Cybersecurity Act

European Cybersecurity Act : What certification process ?

In 2017, the European Commission published a series of initiatives to strengthen the EU’s resilience, deterrence and defense against cyber attacks. These measures include the proposal for a Regulation on ENISA and the certification of information and communication technologies for cybersecurity (European Cybersecurity Act). This regulation gives ENISA a permanent mandate and strengthens its expertise in prevention, consultancy and cooperation. The European Cybersecurity Act also includes a second component aimed at creating a European cybersecurity certification framework, in which ENISA… Read More >>

Cybersecurity Act

Cybersecurity Act : What’s going to change?

After being approved by the European Parliament on March 12, 2019, the Cybersecurity Act was finally adopted after its publication in the Official Journal of the European Union on June 7, 2019. The Cybersecurity Act strengthens the European Union Agency for Cybersecurity (ENISA) and establishes a European framework for the certification of cybersecurity products and services. A permanent mandate and more resources for ENISA With the Cybersecurity Act, ENISA, the European Union Agency for Cybersecurity, created in 2004, receives a… Read More >>

TISAX, a standard in the automotive industry

TISAX, a standard in the automotive industry

Based on the standard ISO 27001 and adapted to the requirements of the automotive field, the TISAX (Trusted Information Security Assessment Exchange) standard was developed by the VDA (Verband der Automobilindustrie, the German automotive industry association) in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX). The TISAX security audit standard allows the mutual acceptance of information security assessments (carried out by trusted and certified third parties) in the automotive industry and provides a common… Read More >>

évaluation sécurité

Move on, there’s nothing to see! or why “security by obscurity” is not a solution

We don’t know what’s hidden in the obscurity. David Lynch At the end of the 19th century, Auguste Kerckhoffs published the principles of military cryptography [01]. In this document (accessible on the Web for free), we learn that an encryption system can be known by the enemy and its security must be based on the non-disclosure (and unlimited change) of the keys used to configure the system. Appendix B1 of the RGS (Référentiel Général de Sécurité that is General Security… Read More >>

SMSI

The value of an Information Security Management System for an organization

A risk manager should always assume that the list of risks considered, however extensive, is incomplete. Douglas W. Hubbard ISO 27001 is an international information security standard, which sets a framework of requirements that an organization must meet to manage its security activities with success. The application of this standard is only possible through the implementation and adoption of an Information Security Management System (ISMS). An ISMS certified ISO 27001, without being an end in itself, clearly provides a guarantee… Read More >>

programmer focused on code blog article

A compliant but also effective solution

Having no problems is the biggest problem of all. Taiichi ÔNO For at least ten years now, I have been telling prospects, students, employees, etc. that a security evaluation can be interpreted as an assessment of effectiveness in relation to security objectives. In other words, an evaluation (in the field of IT security) seeks to demonstrate that a product (or system) meets defined objectives in a compliant and effective manner. The day after my eldest daughter’s birthday, barely recovered from… Read More >>

externalisation de l'administration de son SI

Should you outsource the administration of the Information System?

As mentioned in some of my articles ([01], [02]), IT security is not an option and must be a strategic focus for any organization. Indeed, in my opinion, IT security is both essential and fundamental in order to, among other things, protect the information assets of an organization. Now, let’s focus only on outsourcing the administration of a network or part of a network. Indeed, due to a lack of human or financial resources, the executive committee of an organization… Read More >>

PAS - Plan d’Assurance Sécurité

PAM should not exclude SAP

Before starting to play a board game, it’s customary to read the game rules. As part of an outsourcing service, it is also very important to establish the “rules of the game” between parties. In [01], the ANSSI (French National Cybersecurity Agency) states that, when using managed services, security should not be incompatible with outsourcing. For an organization whose IS administration is handled by a service provider, the inherent risks are generally related to the loss of control of the… Read More >>

I LOVE DSGVO

I LOVE GDPR ♥

Security is everyone’s concern. Edouard PHILIPPE Since 25 May 2018, the General Data Protection Regulation (GDPR) has been applied for all European Union countries. The main objective of this regulation is to standardize the protection of individuals’ personal data. The GDPR is clearly a technical, legal and organizational subject. In my opinion, this regulation is an undeniable opportunity to control our data and to regain control of our digital life. It is a beautiful tool that will however be necessary… Read More >>

I'M RGPD

I AM GDPR

The EU’s General Data Protection Regulation (GDPR) intends to strengthen and unify personal data protection for all individuals within the European Union. This regulation imposes totally new requirements on how organizations must process such data, which means that companies must step up their efforts in information security management and associated investments. It is important to specify that the regulation (which is already in force, only the application of sanctions is postponed until March 2018) is binding for all companies, European… Read More >>