Cyber News

Headlines
Governance

Data governance: 5 tips to optimize your strategy

Regulatory obligations, data-centric organization, storage cost optimization, data monetization... whatever your company's objectives, it all comes down to data. From collection to destruction, companies are responsible for the information and data they hold. That's why it's essential to define an effective data governance strategy.

The Art of Lean Management in Cybersecurity
Governance
July 29, 2024
Lean management applied to cybersecurity

The CISO is often perceived as a technical expert. However, their role also involves a certain amount of management.

In this context, one of the major challenges facing the CISO is that they must improve cybersecurity processes within the company using financial and human resources that are often limited.

This is where lean management comes into play: applying its principles to cybersecurity helps streamline processes and improve teams' operational efficiency. And with good reason: while the concept has its roots in the automotive industry, the principles of continuous improvement and waste reduction also apply to cybersecurity!

What is the Human Firewall concept?
Risks
11 July 2024
Human Firewall, or how your employees can protect your company

To cope with the growing number and sophistication of cyberattacks, companies have been investing for several years in cybersecurity products (firewalls, antivirus, EDR…) and backup solutions. Yet a strategy of relying exclusively on these solutions remains insufficient today.

Military Programming Law (LPM): focus on cybersecurity
Glossary
June 7, 2024
LPM

The Military Programming Law (or LPM) is becoming increasingly well known in the world of cybersecurity, but not only there. This French legislation defines all of the priorities, objectives, and resources allocated to the armed forces for a given period. These objectives certainly concern the security of information systems, but they also relate to equipment, research efforts, and personnel.

However, it is the "cyber" aspect of this law that interests us here. Here is an overview of the requirements of the LPM in terms of IT security, and how to implement them.

Everything you need to know about the ISO 27002 standard
Compliance
Glossary
June 7, 2024
ISO 27002

Cybersecurity experts are familiar with the ISO 27002 standard. Some draw on it to keep their company's information system healthy or to maintain the ISO 27001 certification of their ISMS, while others view it from a distance, seeing no value in it for their organization.

And yet this standard is far from being reserved for a particular category of companies subject to specific regulations, especially since its 2022 update. It can in fact help improve the cybersecurity posture of any organization… provided you know how to use it and with which tool.

What is ISO 27035?
Glossary
June 7, 2024
ISO 27035

ISO 27035 is also known as ISO/IEC 27035. Why? Simply because it comes not only from the International Organization for Standardization (ISO), but also from the International Electrotechnical Commission (IEC). An internationally recognized framework for cybersecurity incident management, ISO 27035 is still less well known than ISO 27001 or 27002. And yet, it is crucially important!

All about the ISO 27001 standard
Compliance
Glossary
June 6, 2024
The ISO 27001 Certification Guide

Published in 2005, the international standard ISO 27001 sets out the reference framework for establishing an information security management system (ISMS). This standard approaches security from the perspective of managing the risks to your data, based on a simple concept that can be summed up in one sentence: "prevention is better than cure." Let's take a closer look.

DORA - Definition and analysis
Glossary
June 6, 2024
DORA

In France, as elsewhere, the accelerated digitization of financial services has amplified risks in terms of cybersecurity and operational resilience. It is in this context that the European Union introduced the Digital Operational Resilience Act (DORA), a regulatory framework that aims to strengthen the resilience of financial institutions in the face of digital threats. Adopted in November 2022 by the Council of the EU, DORA and its associated directive came into force on January 16, 2023.

Uniting teams around cybersecurity
Life as a CISO
29 April 2024
Uniting teams around cybersecurity: the benefits of collaboration

A company's information system is a constantly evolving environment. Between the diversity of uses (remote work, BYOD, OT…) and the variety of infrastructures (on-premise, hybrid, full cloud), the company must involve all of its employees in order to strengthen its cybersecurity posture.

AI in cybersecurity in 2050
29 April 2024
Foresight: what might the use of artificial intelligence in cybersecurity look like as early as 2050?

With generative artificial intelligence emerging, and on the eve of the emergence of Artificial General Intelligence (AGI), we wanted to imagine scenarios for the use of AI in cybersecurity solutions by 2050.

This imagined narrative is meant to encourage you to think about your own use of AI and to offer you avenues for reflection.

[White paper] 5 keys to managing your cybersecurity
Compliance
April 16, 2024
Developing a PSI in four steps

The information system security policy (ISSP) is more than just a reference document: it represents the foundation of the strategic vision for the company's IS security. Nothing less.

ISS team: collaboration and leadership
Life as a CISO
14 March 2024
ISS team: collaboration and leadership

Historically perceived as a technical expert, the CISO must now evolve toward a communicator's role.

In a constantly changing work environment, the CISO, and more broadly the information systems security (ISS) team, are responsible for guiding employees through a vision of what cybersecurity is and should be within the company. While this dynamic is based on sharing best practices and establishing common rules, it must be embodied by assertive leadership from the CISO.

So how do you communicate intelligibly with your organization? How do you share your challenges and prerogatives with your employees and get their buy-in? Answers and advice from our expert.

Automate your compliance with Tenacy
Compliance
March 13, 2024
How to automate compliance with Tenacy?

Monitoring compliance, raising awareness of cyber risks, risk analysis, and day-to-day management... Year after year, CISOs are being given more and more responsibilities—a trend that is unfortunately likely to continue with the upcoming introduction of new regulations.

How can you manage your working time effectively? The answer may lie in automating certain tasks, particularly those related to compliance.

This raises several questions: Is it possible to automate certification management? To what extent? How can the Tenacy platform simplify the implementation, maintenance, and assessment of compliance? Let's start at the beginning.