A compliant but also effective solution

Having no problems is the biggest problem of all. Taiichi ÔNO

For at least ten years now, I have been telling prospects, students, employees, etc. that a security evaluation can be interpreted as an assessment of effectiveness in relation to security objectives. In other words, an evaluation (in the field of IT security) seeks to demonstrate that a product (or system) meets defined objectives in a compliant and effective manner. The day after my eldest daughter’s birthday, barely recovered from…

Should you outsource the administration of the Information System?

As mentioned in some of my articles ([01], [02]), IT security is not an option and must be a strategic focus for any organization. Indeed, in my opinion, IT security is both essential and fundamental in order to, among other things, protect the information assets of an organization. Now, let’s focus only on outsourcing the administration of a network or part of a network. Indeed, due to a lack of human or financial resources, the executive committee of an organization…

PAM should not exclude SAP

Before starting to play a board game, it’s customary to read the game rules. As part of an outsourcing service, it is also very important to establish the “rules of the game” between parties. In [01], the ANSSI (French National Cybersecurity Agency) states that, when using managed services, security should not be incompatible with outsourcing. For an organization whose IS administration is handled by a service provider, the inherent risks are generally related to the loss of control of the…

The Cleanroom concept for a safe and secure administration

A bastion is a military structure projecting outward from the wall of a fortress. In computer science, we can extrapolate the term “bastion” to a host deliberately exposed to an external, untrusted network. In general, the purpose of a “cyber bastion host” is to protect a network or part of a network from external threats; it is therefore the most exposed element, the one that is most likely to be attacked. If a bastion “falls down”, the whole…

Security is not an obstacle

I hurry to laugh at everything, for fear of having to cry about it. Pierre DAC

There are three main areas of information systems security (ISS): awareness, physical security and information technology (means of implementation). Regarding awareness, here is a small selection of sentences I have already heard over the past twenty years (unfortunately, this is not an exhaustive list): Security is useless and expensive! There’s nothing secret about what we do. It’s complicated! You’re frankly paranoid… Regarding the complexity of…

Continuous authentication in Cyberia

Security is a matter of compromise, a balance between confidentiality and convenience, control and efficiency. While it would be easy to restrict access to an Information System in order to protect sensitive business data, it would become impossible to make it a tool for productivity and growth, especially at a time when openness and collaboration are taken for granted. At the same time, the strict control and monitoring of “power” users has become of crucial importance given the recent cases…

I LOVE GDPR ♥

Security is everyone’s concern. Edouard PHILIPPE

Since 25 May 2018, the General Data Protection Regulation (GDPR) has been applied in all European Union countries. The main objective of this regulation is to standardize the protection of individuals’ personal data. The GDPR is clearly a technical, legal and organizational subject. In my opinion, this regulation is an undeniable opportunity to control our data and to regain control of our digital life. It is a beautiful tool that will however be necessary…

Telework: how to access your enterprise IS securely from home?

On my way to telework, I got telepunched for over speeding on the information highway… and it cost me a hell of a telefine! Philippe GELUCK (“Le tour du chat en 365 jours”)

Starting with the Macron Ordonnance of September 2017, any employee can request to telework in France. Besides revolutionizing managerial rules, telework allows an adapted organization of professional time by and for an employee. It should be remembered that, by definition, telework is performed outside the employer’s premises…

Soliloquy around a consistent monitoring approach

Over the last few months, many articles in the specialized press or on various blogs have reported the increase in cyber attacks. Indeed, in 2017, it was noted that attacks in the cyber domain had increased by more than 20%. It is clear that, for any organization, the security of information systems must be considered as a capital issue of governance, or even survival in certain situations. In a previous interview, I have already had the opportunity to say that,…

In the age of artificial intelligence, nothing new… really?

The year 2017 was marked by numerous issues in the cyber domain. We can mention the successive ransomware waves but also the imminent arrival of the GDPR (General Data Protection Regulation), which is the subject of many conferences, posts, forum topics, etc. Another great subject was the “second birth” of artificial intelligence and machine learning. Concerning artificial intelligence (AI), we are still far from Skynet from Terminator, I can assure you. However, it has to be said that a…