Cybersecurity Act

Cybersecurity Act : What’s going to change?

After being approved by the European Parliament on March 12, 2019, the Cybersecurity Act was finally adopted after its publication in the Official Journal of the European Union on June 7, 2019. The Cybersecurity Act strengthens the European Union Agency for Cybersecurity (ENISA) and establishes a European framework for the certification of cybersecurity products and services. A permanent mandate and more resources for ENISA With the Cybersecurity Act, ENISA, the European Union Agency for Cybersecurity, created in 2004, receives a… Read More >>

Zero Trust

Zero Trust, a modern and agile defense paradigm?

For those who are responsible for the management of a company’s IT infrastructure, it is quite clear that the moat technique, i.e. the old idea of building a moat around a castle to keep intruders at bay, is no longer relevant. This is not only inefficient but also hardly feasible given the number and diversity of entry points into the IS of any company with a reasonable size today. Indeed, the risks and threats to the information assets of companies and… Read More >>

les dangers du social login

The risks of Social Login

You have seen it before, or even already used it to connect to a website, the social login seduces because of the simplification and time saving it provides to Internet users. This is a unique authentication form that allows users to connect to different sites or applications through identity providers, for example via their Facebook, Twitter, Google, Apple or LinkedIn accounts, to name just a few. Technically, behind the social login, there are identity federation technologies, which allow to use… Read More >>

reasons to deploy SSO

6 reasons to deploy an SSO solution

The Single-Sign-On (SSO) allows users to access their applications by logging in only once. They then have access to all their resources without having to enter their credentials for each application. Companies and organizations have many reasons to implement this type of solution; among them, we can mention the following six major advantages: Time saving: By logging in only once per session, users will save time, as well as the IT support which will be less likely to be contacted… Read More >>

TISAX, a standard in the automotive industry

TISAX®, an information security mechanism in the automotive industry

Based on the standard ISO 27001 and adapted to the requirements of the automotive field, the TISAX® (Trusted Information Security Assessment Exchange) mechanism was developed by the VDA (Verband der Automobilindustrie, the German automotive industry association) in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX). The TISAX® security audit mechanism allows the mutual acceptance of information security assessments (carried out by trusted and certified third parties) in the automotive industry and provides a common… Read More >>

évaluation sécurité

Move on, there’s nothing to see! or why “security by obscurity” is not a solution

We don’t know what’s hidden in the obscurity. David Lynch At the end of the 19th century, Auguste Kerckhoffs published the principles of military cryptography [01]. In this document (accessible on the Web for free), we learn that an encryption system can be known by the enemy and its security must be based on the non-disclosure (and unlimited change) of the keys used to configure the system. Appendix B1 of the RGS (Référentiel Général de Sécurité that is General Security… Read More >>

Management of privileged accounts: 5 key recommendations to protect your Information System

The administration of the information system (IS) of companies and organizations are based on privileged accounts. Privileged accounts rely on the trust placed in their users. Whether internal or external administrators, privileged users have the power to make substantial changes to the IS and therefore have a heavy responsibility concerning the IT security; they have the power to take actions that may harm the company or organization for which they operate. Users with privileged access are able to install and… Read More >>

SMSI

The value of an Information Security Management System for an organization

A risk manager should always assume that the list of risks considered, however extensive, is incomplete. Douglas W. Hubbard ISO 27001 is an international information security standard, which sets a framework of requirements that an organization must meet to manage its security activities with success. The application of this standard is only possible through the implementation and adoption of an Information Security Management System (ISMS). An ISMS certified ISO 27001, without being an end in itself, clearly provides a guarantee… Read More >>

programmer focused on code blog article

A compliant but also effective solution

Having no problems is the biggest problem of all. Taiichi ÔNO For at least ten years now, I have been telling prospects, students, employees, etc. that a security evaluation can be interpreted as an assessment of effectiveness in relation to security objectives. In other words, an evaluation (in the field of IT security) seeks to demonstrate that a product (or system) meets defined objectives in a compliant and effective manner. The day after my eldest daughter’s birthday, barely recovered from… Read More >>

externalisation de l'administration de son SI

Should you outsource the administration of the Information System?

As mentioned in some of my articles ([01], [02]), IT security is not an option and must be a strategic focus for any organization. Indeed, in my opinion, IT security is both essential and fundamental in order to, among other things, protect the information assets of an organization. Now, let’s focus only on outsourcing the administration of a network or part of a network. Indeed, due to a lack of human or financial resources, the executive committee of an organization… Read More >>