OIV OSE

What are the regulations for OVI and OES?

The multiplication of attacks and threats to organizations’ information systems has prompted the French government and the European Union to implement recommendations and rules for private companies and public administrations. The requirement level of these rules and recommendations varies according to the importance of the target organization. They are optional for organizations considered as non-sensitive, but, at different levels, mandatory for OVI (Operators of Vital Importance) and OES (Operators of Essential Services). Limiting the cyber risk of OVI and OES… Read More >>

terminal client léger

Making the administration workstation incorruptible with a hardened thin client terminal

The terminal allowing administrators to access the administration network is a key element for the global security of organizations’ information systems. A possible corruption of this terminal is a major risk for companies. The use of a hardened thin client terminal communicating with administration virtual desktops allows you to take advantage of the specific and secure architecture of a hardened thin client terminal while benefiting from the functionalities of Privileged Access Management (PAM) solutions thanks to virtualization. Prerequisites for using… Read More >>

moindre privilège

Least privilege: a key principle for the security of the Information System

The least privilege principle consists in limiting the rights/authorizations of any individual on the information system to only those applications/data that are necessary for his missions. This principle appears in many guides relating to cybersecurity, in particular in documents published by the National Cybersecurity Agency of France – ANSSI (PA-022 – recommendations relating to the secure administration of information systems or PG-040 – recommendations for the implementation of system partitioning) or in the rules issued by the French MPL (Military… Read More >>

The human face of the workplace

The human face of the workplace

A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>

La gestion des identités dans les GHT

Identity management within Hospitals cluster

The GHT (Hospitals cluster in France), created by the Health Act 2016, bring together several hospitals in the same region in order to strengthen their collaboration. This involves, in particular, a shared management of hospital staff, but also the gradual unification of the Information Systems (IS) of hospitals in the same hospitals cluster. Identity management is one of the first building blocks to be implemented as part of IS merge, which must then adapt to a multi-LE (multi legal entity) context…. Read More >>

European Cybersecurity Act

European Cybersecurity Act : What certification process ?

In 2017, the European Commission published a series of initiatives to strengthen the EU’s resilience, deterrence and defense against cyber attacks. These measures include the proposal for a Regulation on ENISA and the certification of information and communication technologies for cybersecurity (European Cybersecurity Act). This regulation gives ENISA a permanent mandate and strengthens its expertise in prevention, consultancy and cooperation. The European Cybersecurity Act also includes a second component aimed at creating a European cybersecurity certification framework, in which ENISA… Read More >>

Cybersecurity Act

Cybersecurity Act : What’s going to change?

After being approved by the European Parliament on March 12, 2019, the Cybersecurity Act was finally adopted after its publication in the Official Journal of the European Union on June 7, 2019. The Cybersecurity Act strengthens the European Union Agency for Cybersecurity (ENISA) and establishes a European framework for the certification of cybersecurity products and services. A permanent mandate and more resources for ENISA With the Cybersecurity Act, ENISA, the European Union Agency for Cybersecurity, created in 2004, receives a… Read More >>

reasons to deploy SSO

6 reasons to deploy an SSO solution

The Single-Sign-On (SSO) allows users to access their applications by logging in only once. They then have access to all their resources without having to enter their credentials for each application. Companies and organizations have many reasons to implement this type of solution; among them, we can mention the following six major advantages: Time saving: By logging in only once per session, users will save time, as well as the IT support which will be less likely to be contacted… Read More >>

TISAX, a standard in the automotive industry

TISAX, a standard in the automotive industry

Based on the standard ISO 27001 and adapted to the requirements of the automotive field, the TISAX (Trusted Information Security Assessment Exchange) standard was developed by the VDA (Verband der Automobilindustrie, the German automotive industry association) in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX). The TISAX security audit standard allows the mutual acceptance of information security assessments (carried out by trusted and certified third parties) in the automotive industry and provides a common… Read More >>

SMSI

The value of an Information Security Management System for an organization

A risk manager should always assume that the list of risks considered, however extensive, is incomplete. Douglas W. Hubbard ISO 27001 is an international information security standard, which sets a framework of requirements that an organization must meet to manage its security activities with success. The application of this standard is only possible through the implementation and adoption of an Information Security Management System (ISMS). An ISMS certified ISO 27001, without being an end in itself, clearly provides a guarantee… Read More >>