Should you outsource the administration of the Information System?

As mentioned in some of my articles ([01], [02]), IT security is not an option and must be a strategic focus for any organization. Indeed, in my opinion, IT security is both essential and fundamental in order to, among other things, protect the information assets of an organization. Now, let’s focus only on outsourcing the administration of a network or part of a network. Indeed, due to a lack of human or financial resources, the executive committee of an organization… Read More >>

PAM should not exclude SAP

Before starting to play a board game, it’s customary to read the game rules. As part of an outsourcing service, it is also very important to establish the “rules of the game” between parties. In [01], the ANSSI (French National Cybersecurity Agency) states that, when using managed services, security should not be incompatible with outsourcing. For an organization whose IS administration is handled by a service provider, the inherent risks are generally related to the loss of control of the… Read More >>

The Cleanroom concept for a safe and secure administration

A bastion is a military structure projecting outward from the wall of a fortress. In computer science, we can extrapolate the term “bastion” to a host deliberately exposed to an external, untrusted network. In general, the purpose of a “cyber bastion host” is to protect a network or part of a network from external threats; it is therefore the most exposed element, the one that is most likely to be attacked. If a bastion “falls down”, the whole… Read More >>

Security is not an obstacle

I hurry to laugh at everything, for fear of having to cry about it. Pierre DAC

There are three main areas of information systems security (ISS): awareness, physical security and information technology (implementation ways). About awareness, here is a small selection of sentences I have already heard over the past twenty years (unfortunately, this is not an exhaustive list): Security is useless and expensive! There’s nothing secret about what we do. It’s complicated! You’re frankly paranoid… Regarding the complexity of… Read More >>

Once upon a time in Cyberland

If the fool warns of a risk, run away. Teke proverb

In [01], I mentioned that the risk can be internal to the organization you are managing/administrating/supervising. I had vaguely in mind (but without really quoting it) the Trojan Horse story, which is one of the greatest war tricks, you will agree. Now, let us look at the case of a user with high rights, acting clumsily and, of course, involuntarily. Before starting, it should be noted that any resemblance… Read More >>

Continuous authentication in Cyberia

Security is a matter of compromise, a balance between confidentiality and convenience, control and efficiency. While it would be easy to restrict access to an Information System in order to protect sensitive business data, it would become impossible to make it a tool for productivity and growth, especially at a time when openness and collaboration are taken for granted. At the same time, the strict control and monitoring of “power” users has become of crucial importance given the recent cases… Read More >>

I LOVE GDPR ♥

Security is everyone’s concern. Edouard PHILIPPE

Since 25 May 2018, the General Data Protection Regulation (GDPR) has been applied for all European Union countries. The main objective of this regulation is to standardize the protection of individuals’ personal data. The GDPR is clearly a technical, legal and organizational subject. In my opinion, this regulation is an undeniable opportunity to control our data and to regain control of our digital life. It is a beautiful tool that will however be necessary… Read More >>

Telework: how to access your enterprise IS securely from home?

On my way to telework, I got telepunched for over speeding on the information highway… and it cost me a hell of a telefine! Philippe GELUCK (“Le tour du chat en 365 jours”)

Starting with the Macron Ordonnance of September 2017, any employee can request to telework in France. Besides revolutionizing managerial rules, telework allows an adapted organization of professional time by and for an employee. It should be reminded that, by definition, telework is performed outside the employer’s premises… Read More >>

Soliloquy around a consistent monitoring approach

Over the last few months, many articles in the specialized press or on various blogs have reported the increase of cyber attacks. Indeed, in 2017, it was noted that attacks in the cyber domain have increased by more than 20%. It is clear that, for any organization, the security of information systems must be considered as a capital issue of governance, or even survival in certain situations. In a previous interview, I have already had the opportunity to say that,… Read More >>

I AM GDPR

The EU’s General Data Protection Regulation (GDPR) intends to strengthen and unify personal data protection for all individuals within the European Union. This regulation imposes totally new requirements on how organizations must process such data, which means that companies must step up their efforts in information security management and associated investments. It is important to specify that the regulation (which is already in force, only the application of sanctions is postponed until March 2018) is binding for all companies, European… Read More >>