Cyber News
CESIN Barometer 2026: analysis of cyber threats and cybersecurity trends in France
The CESIN 2026 barometer reveals a paradoxical trend in corporate cybersecurity: while the number of significant cyberattacks is decreasing, their consequences are becoming considerably more severe.
This annual study by the Club des Experts de la Sécurité de l'Information et du Numérique (Club of Information and Digital Security Experts) is an essential reference for understanding the evolution of cyber threats in France.

The TISAX® standard, or Trusted Information Security Assessment Exchange, is not like other information security standards: developed by the European Network Exchange (ENX) association, it is specific to the automotive industry. But what are its requirements? How can it be implemented within an organization? Find all the answers here!

To effectively protect an organization's IT system, you need to know its strengths and weaknesses. This is the role of risk analysis and security audits, the results of which provide valuable information for the CISO.

The CISO is often perceived as a technical expert. However, their role also involves a certain amount of management.
In this context, one of the major challenges facing the CISO is that they must improve cybersecurity processes within the company using financial and human resources that are often limited.
This is where lean management comes into play: applying its principles to cybersecurity helps streamline processes and improve teams' operational efficiency. And with good reason: while the concept has its roots in the automotive industry, the principles of continuous improvement and waste reduction also apply to cybersecurity!

To cope with the increasing number and sophistication of cyberattacks, companies have been investing in cybersecurity products (firewalls, antivirus software, EDR, etc.) and backup solutions for several years. However, the strategy of relying exclusively on these solutions remains insufficient today.

The Military Programming Law (or LPM) is becoming increasingly well known in the world of cybersecurity, but not only there. This French legislation defines all of the priorities, objectives, and resources allocated to the armed forces for a given period. These objectives certainly concern the security of information systems, but they also relate to equipment, research efforts, and personnel.
However, it is the "cyber" aspect of this law that interests us here. Here is an overview of the requirements of the LPM in terms of IT security, and how to implement them.

While ISO 27001 defines the framework, ISO 27002 is the essential operational guide for implementing your ISMS. But how can you transform this catalog of 93 controls into concrete measures without paralyzing your organization? We have deciphered the keys to its implementation and the advantages of automation to simplify your security management!

ISO 27035 is also known as ISO/IEC 27035. Why? Simply because it comes not only from the International Organization for Standardization (ISO), but also from the International Electrotechnical Commission (IEC). An internationally recognized framework for cybersecurity incident management, ISO 27035 is still less well known than ISO 27001 or 27002. And yet, it is crucially important!

ISO 27001 is much more than just a line in a sales brochure: it is the international benchmark standard for implementing an ISMS (Information Security Management System). In an increasingly stringent regulatory environment, obtaining ISO 27001 certification has become a major lever for reassuring your partners, securing your critical assets, and meeting the most stringent compliance requirements.

In France, as elsewhere, the accelerated digitization of financial services has amplified risks in terms of cybersecurity and operational resilience. It is in this context that the European Union introduced the Digital Operational Resilience Act (DORA), a regulatory framework that aims to strengthen the resilience of financial institutions in the face of digital threats. Adopted in November 2022 by the Council of the EU, DORA and its associated directive came into force on January 16, 2023.

A company's information system is a constantly evolving environment. Between diverse uses (teleworking, BYOD, OT, etc.) and multiple infrastructures (on-premise, hybrid, full cloud), companies must involve all their employees in order to strengthen their cybersecurity posture.

With the emergence of generative artificial intelligence and the dawn of Artificial General Intelligence (AGI), we wanted to imagine scenarios for using AI in cybersecurity solutions by 2050.
This fictional story aims to encourage you to reflect on your use of AI and offer you some food for thought.

Historically perceived as a technical expert, the CISO must now evolve into a communicator.
In a constantly changing work environment, the CISO—and more generally the IT security team—is responsible for guiding employees through a vision of what cybersecurity is and should be within the company. While this mechanism is based on sharing best practices and establishing common rules, it must be embodied by strong leadership on the part of the CISO.
But how can you communicate clearly within your organization? How can you share your challenges and priorities with your employees and get them on board? Our expert provides some answers and advice.