Caso Práctico

Risk analysis and ISS compliance

Team of risk analysts having a meeting at the Alter Solutions office

Industry
  • Aerospace & Defence

 

Context
  • We were integrated into a department dedicated to risk management and compliance of sensitive Information Systems (IS).

 

Challenge

The department we were integrated into focuses on Information Systems Security (ISS) expertise and has the following goals:

  • Assessing the combined compliance of sensitive IS with II 901, GDPR and PPST and export rules;
  • Conducting risk analyses on these IS based on the EBIOS 2010 methodology;
  • Supporting IS managers in the implementation of corrective measures;
  • Improving the process in place, the tools, and training the junior consultants.

Keys to success

  1. Our security expertise and an understanding of the challenges of sensitive IS;
  2. Our ability as a service provider to interact with the managers of a wide range of IS;
  3. Familiarity with legal frameworks (exports, privacy, national defence);
  4. Our ability to provide feedback to decision-making bodies (CSO, CISO, export control);
  5. Streamlining of reference systems and industrialization of tools.