NIS2
The NIS2 directive improves cyber security by tightening requirements for the entities concerned, harmonising rules across Europe and increasing resilience in the face of growing cyber threats.
Asset inventory
We support you in drawing up and updating the inventory (hardware and software components, associated suppliers and subcontractors, interactions between systems). This inventory is a prerequisite for securing your systems.
Risk analysis
Companies need to adopt a long-term risk management programme. We use MONARC, a free tool recommended by the Luxembourg government, to analyse threats, propose corrective actions and monitor their evolution in line with market best practice.
Training and awareness
We provide the cybersecurity training required by NIS2, which includes awareness, specific programmes and simulations, to enhance the skills of managers and employees in the face of threats.
Incident management
NIS2 sets out new requirements for handling incidents and reporting them to the relevant authorities. We actively support you to ensure that the prescribed methods and deadlines are respected.
Automated network detection
In collaboration with internationally recognised partners, we work with you to implement technological solutions (SOC, SIEM) that observe and learn the behaviour of networks, assets and communications to automatically identify anomalies that could represent security threats.
DORA
The European DORA regulation aims to strengthen the digital operational resilience of financial entities by requiring strict risk management, third-party monitoring and rapid response to cyber incidents.
Risk analysis and remediation
Companies need to adopt a long-term risk management programme. We use MONARC, a free tool recommended by the Luxembourg government, to analyse threats, propose corrective actions and monitor their evolution in line with market best practice.
Vendor management
DORA requires financial entities to carry out a rigorous assessment of digital service providers. We work with you to draw up a register of suppliers, monitoring rules and a review of contractual agreements. A specific assessment of the risks associated with these collaborations is also carried out.
Testing
The regulation requires financial entities, depending on their size and criticality, to put in place mechanisms for regular testing of resilience in the face of operational incidents. We can help you design and implement appropriate systems, including resilience tests, penetration tests and continuous test cycles, while ensuring that they are rigorously executed and documented in accordance with regulatory requirements.
Incident management
Financial entities need to establish a structured framework for managing operational incidents related to information and communication technologies. We support you in putting in place the processes and tools to enable you to manage, classify and, where appropriate, report ICT incidents to the relevant authorities.
GDPR
The GDPR (General Data Protection Regulation) is a European regulation guaranteeing the confidentiality of personal data. It imposes obligations on organisations, such as obtaining consent, transparency and data security, and grants individuals enhanced rights, such as access, rectification and deletion of their information.
Assessment and recommendations
Our analysis reviews the implementation of the GDPR within the organisation, covering individual rights, consent, the organisational measures in place within the company, and the identification and notification of data breaches.
Record of Processing Activities
This register is a key obligation imposed by the GDPR to help organisations document their personal data processing activities and demonstrate compliance. We can help you set up this register and, where necessary, keep it up to date.
Data Protection Impact Assessments (DPIA)
We draw up your Data Protection Impact Assessment where one is required, that is, where the processing of personal data presents a high risk to the rights and freedoms of the data subjects.
Training and awareness
Data breaches are most often caused by human error, particularly on the part of employees. It is therefore essential to run regular training and awareness campaigns to reinforce their vigilance and their understanding of good security practices.
Assistance in the event of a data breach or inspection by the authorities
Despite all the measures taken, a data breach can still occur. We'll help you analyse the incident, notify you if necessary and put in place corrective measures both urgently and over the long term.
ISO 27001
ISO 27001 defines a risk management framework for protecting sensitive information and guaranteeing the confidentiality, integrity and availability of data. Its implementation and long-term compliance with its recommendations contribute to compliance with the directives and regulations mentioned above.
Scoping
Correctly identifying the scope to be certified to ISO 27001 is an essential step in ensuring that the Information Security Management System (ISMS) meets the organisation's objectives. Our process identifies critical processes, defines organisational boundaries and considers any regulatory constraints. The documented scope will be validated with the stakeholders within the organisation.
Gap analysis and recommendations
We carry out an initial analysis based on existing policies, procedures, reports and registers. It is then compared with the practices observed within the company. Gaps are identified and classified to enable the action plan to be drawn up.
Controls
The 93 security controls in ISO 27001:2022 provide a framework for protecting information assets within the organisation. We work with you to identify the relevant controls in each of the categories (organisational, people-related, physical and technological) and integrate them into the Information Security Management System.
Continuous improvement
Continuous improvement is an essential element of ISO 27001, both to guarantee the security of the organisation and to maintain certification over time. On a daily basis, we keep this focus and carry out the 5 key activities: regular assessment, proactive risk management, updating of documents, stakeholder involvement and implementation of corrective actions.