• No results found

CYBERSECURITY. Global cybersecurity capabilities for a digital transformation with confidence. Delivering Transformation. Together.

N/A
N/A
Protected

Academic year: 2021

Share "CYBERSECURITY. Global cybersecurity capabilities for a digital transformation with confidence. Delivering Transformation. Together."

Copied!
12
0
0

Loading.... (view fulltext now)

Full text

(1)

Global cybersecurity capabilities

for a digital transformation

with confidence

CYBERSECURITY

(2)

+ 35 000

EMPLOYEES

Sopra Steria, a European leader in digital transformation, has one of the most extensive portfolios of offerings available on the market, spanning consulting, systems integration, sales of industry-specific solutions and business process services. Sopra Steria also provides end-to-end solutions to address the core business needs of large companies and organisations, helping them remain competitive and grow. Combining added value, innovative solutions and high-performance services, Sopra Steria excels in guiding its clients through their transformation projects, no matter how complex, and helping them make the most of digital technology.

+ 3.1 BILLION €

PRO FORMA REVENUES IN 2013

80

SITES

(3)

Supported by even more open and interconnected systems, the digital economy is a source of threats that are increasingly growing in number and sophistication.

With more than 700 experts and advanced Cybersecurity Centres in Europe and around the globe, Sopra Steria is a global cybersecurity partner and a reference for cyber trust operators for the protection of major institutional and economic players and their business sectors. Sopra Steria accompanies these organisations in the protection of their

information and enables them to seize new opportunities and to accelerate the development of their digital potential with complete confidence.

A comprehensive range of cybersecurity services

Sopra Steria covers the entire security life cycle, from the

identification of risks to operational monitoring services.

Digital transformation

with confidence

STRATEGY, RISK AND GOVERNANCE • Strategy / ISMS • Risk analysis • IS Security Policy • CISO consultancy

• Business Continuity Management

AUDITS AND COMPLIANCE

• Regulatory compliance • IS compliance • Organisational audits • Penetration testing • Vulnerability management DIGITAL IDENTITIES • CMS / IAM / PKI • Biometrics / eID • Electronic signature • Management of access and privileges DATA PROTECTION • Classification • Encryption • DLP CYBER MONITORING • SIEM / SOC • APT Detection • NGIPS / HIPS Probes • Monitoring / CERT • Forensic • Crisis management PREVENTION Strategy, Risk and Governance Audits and Compliance

DETECTION & REACTION Cyber Monitoring PROTECTION Digital ID Data Protection

(4)

New uses in the digital sphere, in the context of strengthening the regulatory framework, are leading organisations to transform their security and risk management strategy in order to ensure the compliance of operational realities with the market’s various reference systems and standards.

Strategy, risk and governance

Our consultants assist you in defining and

implementing processes and means of prevention for ambitious, efficient and tailored security policies through the following activities: • Risk analyses according to recognised

methodologies (EBIOS, for example);

• Strategy, governance and implementation of information security management systems (ISMS); • An IS Security Policy (ISSP) according to security

standards (best practice, computer standard rules established by ANSSI (French National Agency for the Security of Information Systems), etc.);

• A Business Continuity Plan (BCP) to ensure a fast return to normal operations in case of a major security incident; • CISO accompaniment.

Audits and compliance

The business and technical expertise of our consultants enables you to integrate and test the compliance of your systems with business reference systems (PCI DSS, Basel II, etc.) and with security systems (27001, ISSP, computer standard rules, Military Programming Act, etc.) and to take corrective measures.

This continuous improvement process, supplemented by audits and vulnerability management, allows you to transform your IS in order to increase its level of security. A proactive approach to risk management

Our security consulting expertise is built from a strong experience gained through activities in accompanying strategic assignments throughout Europe.

Our consulting strength relies on a global network of 700 security experts recognised by benchmark certifications for these activities, such as Lead Auditor 27001, Risk Manager 27005, CISSP and CEH (Certified Ethical Hacker). Our consultants’ task is to provide answers to enable the achievement of your objectives: • Alignment of your business risks

with your security policies;

• Organisational efficiency and governance; • Optimization of security processes

and architectures.

The multiplication and the complexity of cyber threats invite governments and companies to rethink cybersecurity for ensuring better prevention against attacks.

Prevention

Sopra Steria accompanies the transformation of security systems of a national health agency in order to enable its digital development

(5)

Measuring the compliance level of the IS and managing change through security

IS compliance is an industrial programme that is part of a proactive approach to risk management, in addition to real-time detection and reaction to incidents.

The key success factors of our compliance programmes are: • Meeting the expected standards whether they

be regulatory, business or technical standards, or computer security standard rules and the ISSP • Reports adapted to each type of user: Senior

Management, Functional Directors, IS Directors, CISO and its operational teams • A simple and pragmatic solution for

complex organisations: multiple plates, multiples sites, decentralised

• IS change management that is based on a dual experience of cybersecurity operations and infrastructure management.

A pragmatic and tooled approach for tangible results in less than six months • A measure of equipment compliance based on

undeniable facts (computer standard rules, ISSP, etc.) • A tool based on a BI-OLAP (Business Intelligence

Online Analytical Processing) technology: a multi-dimensional cube developed by our experts, capable of handling Big Data • Billing by equipment type, regardless of the

volume processed: workstations, servers, databases, network devices, etc.

The compliance programme enables:

• a reduction in the number of vulnerabilities and exposure to attacks

• productivity gains

• an assessment of ROI and performance • transformation management

Focus on Sopra Steria’s IS compliance solution

SOC SERVICES COMPLIANCE SERVICES GOVERNANCE

TR

ANSFORM

ATION

OVERVIEW OF THE COMPLIANCE PROGRAMME

GOVERNANCE PRAGMATIC RULES MEASUREMENTS COMPLIANCE

(6)

Digital identities

Our experts implement security solutions including design, implementation and operation:

• Identity and access management (IAM) that is deployed quickly and efficiently;

• Public key infrastructure (PKI) and strong authentication by certificates;

• Biometrics: SteriaAFiS (automatic fingerprint recognition) solutions; SteriaFiTPlus, biometric data capture system;

• eID/card management system (CMS): identity federation solutions which enable identification, authentication, physical and logical access controls and electronic signatures and which facilitate access to online services; • Management of access and privileges:

control of IS super administrators.

Data protection

In the digital economy, information is the most valuable asset of businesses and administrations - its protection is essential to ensure competitiveness. Sopra Steria provides its expertise for the

classification of sensitive data and the implementation of DLP and encryption technologies.

Our modular approach enables the control and confidentiality of your information from a prior perimeter of the IS to third-party environments.

Excellence in implementing trusted solutions These protection capabilities are based on Sopra Steria’s strong experience in system development, integration and maintenance, gained in complex projects, realised for the benefit of major institutional clients and businesses, in Europe and internationally.

Based on proprietary software around biometrics or solid partnerships with top-ranked suppliers, our innovative solutions guarantee an end-to-end securing of information, access to it and exchanges between third parties. These so-called «cyber trust» solutions enable organisations to create new products and services with a high level of trust, and to gain efficiency by using secure collaborative tools in order to develop their digital potential with confidence and to accelerate their competitiveness in their market. After having identified the most sensitive information for your organisation, putting in place tailored protection means will enable you to control access and to protect against data leakage, identified as the main security risk by 60% of security decision-makers.

Protection

Sopra Steria transforms, integrates and operates the PKI of the General Secretariat of the Council of the European Union to homogenise all the tools for sharing information internally and between the Member States of the European Union.

(7)

A global partnership between Sopra Steria and the Imprimerie Nationale (French National Printing Press) on the theme of cyber trust This unique partnership between two major players heavily involved in cyber trust includes:

Joint development of the Card Management System (CMS) and the federation of identities

Joint selling of the solution to companies and communities

The Imprimerie Nationale has also entrusted its

critical systems monitoring to Sopra Steria’s Cybersecurity Centre A comprehensive programme of digital identity management • Digital identity federation • Production of secure cards

• Management of associated digital services (authentication, signature, encryption, etc.) • Administration of the life cycle of

services (revocation, renewal, etc.)

• Provision of complementary services: Single Sign-On (SSO), approval and validation processes, digitalisation of regulatory processes, digital archiving system and safe

The benefits of Pass’iN are numerous, including economic, regulatory and security-related: • Optimisation of management costs;

• Improvement of security by identification of employees through cards;

• Federation of multiple access badges on a single medium (physical access, trusted services, etc.); • Propagation of strong authentication across

the applications of the Information System; • Consumption of services in SaaS mode;

• Compliance with standards of the General Security Reference System (RGS) regulated by the ANSSi (National Agency for Information System Security); • High level of security, redundancy, and availability.

The Pass’IN solution, a turnkey service for managing professional

digital identities

Sopra Steria brings us the trust capabilities required for our digital acceleration. Our Pass’IN solution is spearheading our efforts. 

DIDIER TRUTT

(8)

With the evolution of threats and the proven character of cyber-attacks of different origins and increasing complexity targeting institutions or major economic players, Sopra Steria has developed an expertise and advanced industrial capabilities around the implementation of detection and response tools and services that are up to the task.

Detection and Response

Cyber monitoring

The monitoring of information systems has become an essential element in the fight against fraud and cyber attacks. Sopra Steria accompanies you in the implementation of detection and response solutions: • Security Information and Event Management (SIEM)/

Security Operations Centre (SOC): integration of SIEM tools and security event correlation and management service, incident response; • Detection of Advanced Persistent Threats

(APT): advanced SOC services for the detection of sophisticated attacks like APTs;

• Monitoring/CERT: custom security monitoring, approved CERT (Computer Emergency Response Team) since 2014; • Forensic: on-demand search for evidence, using

specific analysis techniques in digital investigations; • Crisis management: managing cyber attack

crises, mobilisation of a war room, coordination of experts, communication and reporting, preparation of the post-crisis transformation plan.

Sopra Steria develops and integrates a SIEM solution (GSEC security module) for the Ministry of Defence

Enhanced monitoring capabilities that meet your needs

Faced with the exponential acceleration of cyber crime, implementing capabilities for active monitoring and permanent information systems has become a requirement of senior management, and more particularly for Opérateurs d’importance Vitale (Operators of Vital Importance,

OIV) subject to national regulations on the detection of security incidents, in force since 1st January 2015. Protecting informational capital and critical Information Systems requires experience and a processing capability that goes beyond the solutions on the market.

Sopra Steria combines its expertise in the area of security monitoring with advanced innovation capabilities around the development of new means of detection and investigation in an R&D Lab. This way, Sopra Steria offers a response that meets current and future Information Systems monitoring challenges.

Sopra Steria monitors critical and vitally important Information Systems of an international urban transportation player

(9)

A comprehensive and innovative approach to IS monitoring

When confronted with attacks from networks, defence capabilities must be built into networks. Sopra Steria is part of a federative programme of the various stakeholders in the cybersecurity ecosystem (industry, SMEs, research laboratories, schools and universities...) around a trustworthy industry in order to offer protection and monitoring capabilities that are up to the challenges of the business sectors.

With a strong presence in the aeronautics and space in the Midi-Pyrénées region, Sopra Steria coordinates the Albatros federative programme and the Box@PME project, for the protection of the sector and its SMEs.

FEDERATE THE STAKEHOLDERS OF THE CYBERSECURITY ECOSYSTEM PROTECT BUSINESS SECTORS

DEVELOP SKILLS AND ATTRACT THE BEST TALENTS

Creation of a degree-awarding training programme in partnership with the University of Toulouse Steria Hacking Challenge: the first inter-school ethical hacking competition

IDENTIFY FUTURE DETECTION TECHNIQUES

Creation of a security laboratory in partnership with the CEA Tech, an innovation driver for cyber monitoring

INCREASE THE EFFICIENCY OF THE MEANS FOR CYBER MONITORING

Box@PME: a collaborative solution for the protection and detection of the SMEs of a business sector IS behavioural analysis tools based on machine learning

Sopra Steria and its partners are strengthening the protection of the aeronautics and space with the Albatros cybersecurity federative programme approved by the Aerospace Valley competitive cluster.

RESEARCH AND

(10)

A right delivery model that is

flexible and scalable, combining

proximity and industrialisation

Adapted to your requirements and your maturity: Sopra Steria offers all of its consulting, integration and operational security services based on a modular approach, for à la carte services in line with your requirements. Able to accompany your transformation:

thanks to a bespoke model, Sopra Steria is able to accompany your security services transformation by adapting the delivery modes between proximity support - with expertise or service centre teams - and industrialisation with our Cybersecurity Centre and its dedicated or mutualised teams.

Industrial Cybersecurity Centres

integrated internationally

Sopra Steria has established several high level Cybersecurity Centres in Europe and around the world, capable

of protecting the most complex and international organisations. They can also outsource all or part of their security functions in an industrial and integrated model. In France, the Cybersecurity Centre in Toulouse, gathers more than 120 experts and brings together the most advanced technology to prevent, detect and respond to attacks in an optimal way.

• A global approach based on a specific methodology of management by risk: IPPCoR

Risk Identification, Prevention, Protections, Control and Reporting.

• An «as a service» security services catalogue: All our services are provided in the form of a catalogue of work units enabling the measurement of value on the basis of tangible deliverables.

RightSecurity:

A tailored model of services

CONSULTING INTEGRATION MANAGED SERVICES

CLOSE CLIENT SUPPORT

EXPERTISE / PROJECT / DEDICATED SERVICE

RIGHT SECURITY

CYBERSECURITY CENTRES

(11)

Sopra Steria’s

plus points

A global network of more than 700 experts dedicated to cybersecurity More than 300 references in com-plex projects

A comprehensive range of services cove-ring the security life cycle

Top-ranked Cybersecurity Centres in Europe and internationally

A unique service model on the market

Recognised expertise in digital ID manage-ment and cyber defence

(12)

Sopra Steria

9 bis, rue de Presbourg 75 116 Paris, France Tel. +33 (0)1 40 67 29 29

References

Related documents

Consequently, federal courts have allowed upward adjustments under the new sentencing guidelines for a variety of behaviors relevant to terrorism: cases in which the defendant

The results produced in the present study are in general agreement with those produced by Pulido, López, and Lanzagorta (2005) and Pulido and López (2006) that show

NRM (physical structures) and the agricultural support (mainly training and tools) complement one another and their impacts are maximized when considered together.

Additionally, in order to verify the list of report IDs containing all relevant user cases, we selected all Medical Device reports in paper format in the authority archive during

For a pendulum in simple harmonic motion (shm) with a small deviation angle, period of oscillation depends only upon the pendulum length and the acceleration due to gravity..

Her creative work was encouraged and praised by composers such as Chopin, Brahms, Liszt,1 Mendelssohn and of course her husband Robert Schumann.. Yet she herself

Bunny and birthday wishes for dad who loves her just to pick our beloved father, look forward to know whatever i make.. Following birthday to be perfect way that lasts you have an

Stupid of hurt because im letter to know how genuinely sorry for boyfriend from, it is the truth, i will always an idiot thing i never by.. Track and heart because im sorry letter