Cyber News
ReCyF 2.5 (Cyber France Reference Framework)
ReCyF is the French cybersecurity framework based on the European NIS 2 Directive. It sets out 20 mandatory security objectives for critical and essential entities and specifies the acceptable means for demonstrating compliance.


In an ever-changing regulatory landscape, companies must comply with a set of standards and regulations related to data protection, IT and employee security, and the functioning of their products. Beyond the penalties for non-compliance, which can be significant, a security breach or unaddressed vulnerability can seriously damage an organization's brand image.

Your management has just approved your information system security policy (ISSP). What now? It's time to draw up your IT security plan, which should detail the actions to be implemented to ensure the ISSP is applied. Defining objectives, monitoring current and future actions, measuring results... All this requires flawless project management.

Risk-based approach and compliance-based approach: these two terms, which refer to the mindset with which the CISO builds his strategy, are sure to divide the world of cybersecurity...

GDPR, LPM, NIS... Companies today are subject to an increasing number of regulatory and compliance frameworks. While these rules are essential to ensuring a high level of security within the organization, they can sometimes hinder the smooth running of operations.

In 2024, the European Union undertook to regulate the use of artificial intelligence through the AI Act. This pioneering initiative aims to establish a legal framework for the general use of AI.
[Interview] Law and cybersecurity: an essential synergy
The law firm Fidal, founded in 1922 (no less!), has specialized in cyber issues for several years. When we met with them, we wanted to know how business law experts approach cybersecurity and its challenges, particularly in terms of regulatory compliance. Gaël Leroux and Cyril Chauvin answer our questions.

Everyone (or almost everyone) is familiar with the NIST Cybersecurity Framework (NIST-CSF). Developed by the National Institute of Standards and Technology—a U.S. agency within the Department of Commerce—this framework offers a structured and comprehensive approach to help organizations identify, assess, and manage cyber risks. It is specifically designed to strengthen the security of critical infrastructure, but its application extends to all sectors, regardless of the size of the organization or its field of activity. Let's take a closer look.

The CNIL (Commission Nationale de l’Informatique et des Libertés) is a 100% independent French administrative authority. It was created in 1978 to protect personal data and individual freedoms—nothing less.
The CNIL quickly became a key player in the French digital landscape, positioning itself as the number one authority on privacy and personal data regulation in France.
Overview of the CNIL, its history, its missions, and its impact.

The NIS 2 (Network and Information Security 2) directive has been the subject of much discussion since its publication in the EU Official Journal on December 27, 2022. And with good reason: it represents a major milestone in the evolution of European cybersecurity regulations, replacing its 2016 predecessor, NIS.

The Payment Card Industry Data Security Standard (PCI-DSS for short) is a set of security standards designed to ensure that all companies accepting, processing, storing, or transmitting credit card information maintain a secure environment.

In today's cyber landscape, it is no longer enough to simply implement protection solutions. Compliance with standards and regulations has quickly become an essential parameter for ensuring information security—and therefore user confidence. Among these standards is SOC 2 (Service Organization Control 2), which has become indispensable.
The NIS 2 (Network and Information Security) Directive is the latest regulatory shake-up in European cybersecurity. Succeeding the 2016 NIS Directive, it massively expands the number of companies affected and tightens security requirements...