Contrary to popular belief, securing an organization information system not only consists in implementing a technical fortress to prevent the assailants’ external entering. If this is necessarily required, it is not enough because 80% of security problems of information systems come from within organizations . In fact, the weak link in terms of IS security is man.
Training-ssiThe Information Systems Security approach is a financial and even strategic issue for organizations. There is no generic security policy (called absolute) but a security policy adapted to each company, achaque organiseme. It is therefore necessary to think and design IS Security according to the activity, the context, the business environment, the assets to be protected with a short and medium term vision to anticipate the evolutions and to have constantly a ” advanced.
Through customized, flexible and adapted services, Synertic offers to accompany you to the implementation of a security policy of your information system.
Audit Security Information System
Through an external perspective and independent , the goals of a security audit of an information system are:
to make a inventory of IS security
analyze and evaluate the protection, prevention, safety measures, …
to establish a policy plan and recommendations to improve security policy.
The level of an audit can be global or detailed on all or part of the perimeter of the organization studied.
auditAn audit may be accompanied by a Risk Analysis for identifying and assessing the various risks incurred by the company.
This involves assessing for each risk:
Potentiality: Probability of occurrence of risk
The impact: Severity of the direct and indirect consequences, if the risk occurred.
Thus, the implementation of a security policy will consist in minimizing, ie making the various risks for the company acceptable.