IT Risk assessment
IT Risk assessment for a Major Public Payments Organisation using the ANSSI EBIOS methodology
Background:
Public authority under the direct supervision of the French government and governed by the Electronic Payment Law.
The client is in charge of implementing European policies as well as national and local policies. The Organisation has direct payment links with more than 130 payment entities (government, other agencies, ministers, professional unions and associations, etc.).
The Organisation is also in charge of implementing various subsidised programmes for different economic sectors such as agriculture, unemployment agencies, education, training, social programmes, regional investment agencies, local and rural development, environment protection and eco/green development programmes.
Through its large spectrum of payments, covering a wide part of the French economy, the client is a highly critical player from a cyber security point of view: business continuity and recovery, information protection, IS intrusion, data confidentiality, fraud, etc.
Approach:
Considering the need to comply with European cybersecurity and information security laws, as well as Regulation (EU) No 907/2014 of 11 March 2014, the choice was made to use ISO 2700x-based methods.
The cyber security audit methodology was conducted within the RGS (Référentiel Général de Sécurité, i.e. General Security Framework), the French government's security policy for electronic and digital exchanges. Within the RGS framework, the methodology followed already-defined policies and specific IS security rules.
I-TRACING's goal was to conduct, within those guidelines and policies, the technical and organisational security assessment of the Information System.
I-TRACING's methodology was based on EBIOS® (Expression des Besoins et Identification des Objectifs de Sécurité, i.e. Expression of Security Needs and Identification of Security Objectives), as developed by ANSSI, the French government authority for cyber security and critical entities. The EBIOS methodology is based on ISO 27001, ISO 27005 and ISO 31000.
The EBIOS® methodology structures the risk assessment of the IT system, the remediation and the action plan in order to simplify internal and external communication. The methodology implements a complete operational framework for cyber risk assessment.
Project Duration: 3 months
I-TRACING team: 2 Consultants + Project Manager.
Audit, Consulting & Security Design
Securing an important Docker-based infrastructure
Background: The client is a major French telco involved in all telco, content and broadcasting operations (mobile, fixed lines, corporate activity, hosting, cloud provider, TV, content production and distribution, press, etc.) and a user of complex, cutting-edge technologies such as IaaS, PaaS and, increasingly, Docker and Container as a Service.
Goals:
- Risk assessment of Docker usage and of the client's specific Docker implementation,
- Making cyber security recommendations,
- Following up and assisting the client in their implementation.
Approach:
- Application virtualisation based on OS kernel functionalities, differences between Docker and VMware or Hyper-V mechanisms, bundled libraries and binaries, etc.
- Cyber security assessment of the different Docker components, such as:
- System kernel shared between the Docker daemon and the containers (…)
- Privilege elevation (…)
- Docker images that are compromised or contain vulnerabilities (…)
- Prohibited API usage allowing administrative commands to be passed (…)
- Denial of Service (DoS) (…)
- Vulnerability identification and recommendations, such as:
- Vulnerability type, classification, level of risk, Docker version, …
- Recommendations, action plans for compliance and security policy, follow-up and engineering.
- Access control mechanisms
- Role, profile and admin identity management
- etc.
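The Docker risk areas listed above (shared kernel and privilege elevation, Docker API exposure, denial of service) map directly onto settings that `docker inspect` reports for each running container. The script below is an added example, not I-TRACING's tooling or part of the original case study: it audits a `docker inspect` JSON document offline and flags the settings a reviewer would raise for each risk area. The container data is constructed for illustration; on a real host the same function would be fed the output of `docker inspect $(docker ps -q)`.

```python
"""Offline audit of `docker inspect` output for the Docker risk areas above:
shared kernel / privilege elevation, Docker API (socket) exposure, DoS.
Added example; the sample data is constructed and no daemon is required."""
import json

# Constructed sample: the shape follows `docker inspect <container>` (a JSON list),
# trimmed to the fields the checks below read. Names and values are invented.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaaa1111",
        "Name": "/web-frontend",
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            "PidMode": "",
            "NetworkMode": "bridge",
            "PidsLimit": 256,
            "Memory": 536870912,
            "Binds": ["/srv/web:/usr/share/nginx/html:ro"],
        },
    },
    {
        "Id": "bbbb2222",
        "Name": "/ci-runner",
        "HostConfig": {
            "Privileged": True,
            "CapAdd": ["SYS_ADMIN"],
            "PidMode": "host",
            "NetworkMode": "host",
            "PidsLimit": 0,
            "Memory": 0,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
])

# Capabilities that let a container process act on the shared kernel or
# weaken the isolation boundary (a subset chosen for illustration).
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
                  "NET_ADMIN", "DAC_READ_SEARCH"}


def audit_container(entry):
    """Return a list of (risk_area, finding) tuples for one inspect entry."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append(("privilege elevation",
                         "runs with --privileged (all capabilities, raw device access)"))
    for cap in (hc.get("CapAdd") or []):
        name = cap[4:] if cap.startswith("CAP_") else cap
        if name in DANGEROUS_CAPS:
            findings.append(("privilege elevation", f"dangerous capability added: {name}"))
    if hc.get("PidMode") == "host":
        findings.append(("shared kernel", "host PID namespace shared (sees/signals host processes)"))
    if hc.get("NetworkMode") == "host":
        findings.append(("shared kernel", "host network namespace shared (no network isolation)"))
    for bind in (hc.get("Binds") or []):
        src = bind.split(":", 1)[0]
        if src.rstrip("/").endswith("docker.sock"):
            # Anything that can talk to the daemon socket can start a privileged container.
            findings.append(("API exposure", f"Docker socket mounted into container: {bind}"))
    pids = hc.get("PidsLimit")
    if not pids or pids < 0:  # 0/None (and -1 on newer daemons) mean unlimited
        findings.append(("DoS", "no --pids-limit (fork bomb can exhaust host PIDs)"))
    if not hc.get("Memory"):  # 0 means no cgroup memory limit
        findings.append(("DoS", "no memory limit (container can exhaust host RAM)"))
    return findings


def audit_inspect_json(text):
    """Audit a whole `docker inspect` JSON document; returns {name: findings}."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in json.loads(text)}


if __name__ == "__main__":
    for name, findings in audit_inspect_json(SAMPLE_INSPECT).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for area, msg in findings:
            print(f"  [{area}] {msg}")
```

Each finding carries the risk area it belongs to, so the output can be tallied per area in the same way the assessment above classifies vulnerabilities (type, classification, level of risk). Image-level checks (vulnerable or compromised images) are a separate concern and are not covered by this runtime-configuration audit.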
Project Duration: 6 months
I-TRACING team: 2 Consultants
SIEM & Security Intelligence platform integration & SOC Services
Design, Turn-key Engineering and Managed Services
Customer: One of the most important Fortune 500 French retail groups.
Project: Implement and expand a SIEM and Security Intelligence Platform, followed by a SOC Service Build & Run.
Context: As a provider of leading cyber security services and a software solutions reseller for real-time operational intelligence and security, I-TRACING accompanied the retail group in significantly expanding its usage of its SIEM & Big Data platform, whose SIEM platform was initially deployed in 2014. Due to the proven value of the initial deployment, the client recently decided to double the size of its SIEM platform in order to address a broader range of requirements.
- I-TRACING's turn-key project approach encompasses the high-level design, the technical specifications and low-level design, the solution upgrade and deployment, software reselling in France and worldwide, a one-stop shop for vendor maintenance, managed security services and training.
- Furthermore, after a major tender process, I-TRACING was chosen for the SOC operations: first designing and building the SOC, then running the security intelligence platform on a 24/7 basis.
- A dedicated I-TRACING security data analyst team was also set up, covering threat detection, Dark Web surveillance, CERT activities, searching, monitoring and analysing security data, forensic analysis, etc.
Project Duration: 1 year for the design and build of the Security Intelligence Platform; Security Managed Services and SOC under a multi-year contract.
Development of a Security Hypervisor
Fixed-price project for the development of cybersecurity tools for the Risk and Operational Security Department of a major French and international leader in online betting and gaming.
Project: Design and development of a modular architecture composed of:
- A portal presenting strategic KPIs and dashboards, calculated from data extracted from security equipment
- On-demand development of specific metrics, based on these data, corresponding to a specific customer need
- A technical navigation platform giving a detailed view of certain security equipment
- Back-office modules collecting data from the various technical equipment (Qualys API, F5 API, MantisBT API, etc.)
Technical environment: Java, Spring, AngularJS, MongoDB
Project duration: 4 months; application maintenance and multi-year support assistance.
Fraud Management
Design & build of Data Discovery and Fraud Analysis for Cybersecurity
Background: The customer is a major European global insurance group and among the five biggest worldwide companies in this field. The client wants to implement a data collection and discovery solution and to implement fraud and threat analysis for cyber security.
Goals:
- Organising and following the implementation of the vendor-based SIEM solution previously chosen by the client. Programme piloting in 15 major countries.
- Implementing a complementary real-time solution for quick threat and fraud analysis: the client faces huge challenges in terms of data collection and analytics of very diverse data, including text in different languages and a wide variety of sources and formats (IT logs, social media, etc.).
- Content and data classification
- Following up and assisting the customer in their implementation.
Approach:
- Project management for the SIEM implementation: choosing the data to collect, organising the process of opening log collection for every domain and every type of host (network, security, virtual machines, external hosting, …); vendor relationship, business unit training and awareness, dashboard design, multi-layer reporting coordination, etc.
- HLD of a powerful search and analytics platform for cyber security threat prediction and for cyber attack identification and correlation.
- Turn-key solution integration and customisation, including I-TRACING code development, in order to handle the wide range of data syntaxes and specific business applications (CRM, financial reporting, provisioning, R&D, …) and processes.
- Detection of analytical patterns in behaviour using interactive charts, timeline analyses, relationship maps, etc.
Duration: 6 months (3 months of specification phase, then 3 months of development, tests and production phase)
Industrial & IoT Cybersecurity
The mission of the SAFIIS taskforce (Safer Architecture For Industrial Information Systems) of a major French player in industry and services is to reduce cybercrime risks (data leaks, sabotage, fraud, denial of service) by establishing and implementing remediation plans according to the identified risks.
Field: Industrial security (SCADA)
Type of project: The first part is a Build-type, flat-rate project which includes the definition of the security architecture, deployment and engineering on all industrial sites in Europe, maintenance and reporting, coordination with the IT Department / CISO of the industrial branch, and technical and organisational coherence with the Group IT Department and the Group CISO.
The second part of the project is a Run-type security operations and surveillance mode, concerning the operation of a dedicated SOC for the customer's industrial branch.
Similarly, I-TRACING is responsible for analysing risks, suggesting remediation plans and deploying the security solutions selected by the Group's various entities: bastion hosts controlling access to industrial servers, antivirus and update solutions, file transfers, printing, supervision, backup, etc.
Project duration: Build phase over approximately 1 year. Run and industrial security SOC phase: multi-year contract.