OIV OSE

What are the regulations for OVI and OES?

The multiplication of attacks and threats to organizations’ information systems has prompted the French government and the European Union to implement recommendations and rules for private companies and public administrations. The requirement level of these rules and recommendations varies according to the importance of the target organization. They are optional for organizations considered as non-sensitive, but, at different levels, mandatory for OVI (Operators of Vital Importance) and OES (Operators of Essential Services). Limiting the cyber risk of OVI and OES… Read More >>

gestion des accès à privilèges - PAM

What exactly is Privileged Access Management?

If you work in the IT industry, you’ve probably already heard terms like “Privileged Access Management” (PAM) and “Privileged User Management”. But you didn’t say anything because you didn’t know exactly what it was all about. Don’t worry, in this blog post you’ll learn everything you need to know about Privileged Access Management. PAM according to the Gartner According to the Gartner, “Privileged Access Management” (PAM) solutions are designed to help organizations provide a secure and privileged access to critical… Read More >>

The human face of the workplace

The human face of the workplace

A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>

European Cybersecurity Act

European Cybersecurity Act : What certification process ?

In 2017, the European Commission published a series of initiatives to strengthen the EU’s resilience, deterrence and defense against cyber attacks. These measures include the proposal for a Regulation on ENISA and the certification of information and communication technologies for cybersecurity (European Cybersecurity Act). This regulation gives ENISA a permanent mandate and strengthens its expertise in prevention, consultancy and cooperation. The European Cybersecurity Act also includes a second component aimed at creating a European cybersecurity certification framework, in which ENISA… Read More >>

Cybersecurity Act

Cybersecurity Act : What’s going to change?

After being approved by the European Parliament on March 12, 2019, the Cybersecurity Act was finally adopted after its publication in the Official Journal of the European Union on June 7, 2019. The Cybersecurity Act strengthens the European Union Agency for Cybersecurity (ENISA) and establishes a European framework for the certification of cybersecurity products and services. A permanent mandate and more resources for ENISA With the Cybersecurity Act, ENISA, the European Union Agency for Cybersecurity, created in 2004, receives a… Read More >>

évaluation sécurité

Move on, there’s nothing to see! or why “security by obscurity” is not a solution

We don’t know what’s hidden in the obscurity. David Lynch At the end of the 19th century, Auguste Kerckhoffs published the principles of military cryptography [01]. In this document (accessible on the Web for free), we learn that an encryption system can be known by the enemy and its security must be based on the non-disclosure (and unlimited change) of the keys used to configure the system. Appendix B1 of the RGS (Référentiel Général de Sécurité that is General Security… Read More >>

programmer focused on code blog article

A compliant but also effective solution

Having no problems is the biggest problem of all. Taiichi ÔNO For at least ten years now, I have been telling prospects, students, employees, etc. that a security evaluation can be interpreted as an assessment of effectiveness in relation to security objectives. In other words, an evaluation (in the field of IT security) seeks to demonstrate that a product (or system) meets defined objectives in a compliant and effective manner. The day after my eldest daughter’s birthday, barely recovered from… Read More >>

externalisation de l'administration de son SI

Should you outsource the administration of the Information System?

As mentioned in some of my articles ([01], [02]), IT security is not an option and must be a strategic focus for any organization. Indeed, in my opinion, IT security is both essential and fundamental in order to, among other things, protect the information assets of an organization. Now, let’s focus only on outsourcing the administration of a network or part of a network. Indeed, due to a lack of human or financial resources, the executive committee of an organization… Read More >>

I'M RGPD

I AM GDPR

The EU’s General Data Protection Regulation (GDPR) intends to strengthen and unify personal data protection for all individuals within the European Union. This regulation imposes totally new requirements on how organizations must process such data, which means that companies must step up their efforts in information security management and associated investments. It is important to specify that the regulation (which is already in force, only the application of sanctions is postponed until March 2018) is binding for all companies, European… Read More >>

Feedback on the ANSSI’s qualification of IPdiva Secure, now Systancia Gate

One of the keys to securing the information system of an organization is to deploy security products. Because of their importance in the security system, it is essential to have confidence in these products. Confidence refers to the idea that you can trust someone or something. The best way to measure confidence in a security product is to have a security evaluation, conducted by a recognized and independent body in order to “validate” the response to a specific problem. IPdiva… Read More >>