Training and awareness

Training

The purpose of the information security training is to develop the skills of the company's employees in the various areas of security (architecture, risk management, physical and environmental security) to ensure the security of information resources and meet organizational business needs. The training ensures that employees and company executives speak the same language, use the best practices of the information security industry, and efficiently. Training is therefore the key to the success of any organizational security strategy because it is important that employees and managers have the right level of knowledge based on the role that each employee occupies within the organization. In short, the best technological measures will be in vain if employees do not know how to apply them or do not understand them.

Awareness

Information Security Awareness is an awakening to the threats, risks and vulnerabilities that surround us. It aims to develop safe behaviors and adopt good security practices. If an employee or officer is not sensitive to information security, it will be difficult to get him or her to accept the security measures that we want to put in place. That's why you need to be able to target different groups of people in order to find the right examples and identify the risks and threats they face. Awareness requires extensive collaborative work with company members to better understand the constraints that security specialists are putting in place. Finally, we must not forget that to be successful in awareness, we must make it an ongoing process and follow the news in information security to keep up to date on a regular basis.

Invest in training and awareness

Information security is no longer limited to implementing technologies to protect our business. Security depends on the weakest link. More often than not, it is the human who compromises security. The latter is part of defense mechanisms, as is technology. It is essential that the company's employees, including its management, understand that they have a vital role to play in safety, regardless of their level of management in the company. By investing in training and awareness, we significantly increase the security of the company, while ensuring that business needs are taken into account and that the solutions to be implemented will be appropriate.

Our approach

To achieve information security training and awareness, the strategic, tactical, and operational levels must be covered. CFSSI developed with you a vision that takes into account the business needs that results in a strategic plan for a period of 3 to 5 years. From a tactical point of view, this is achieved through training and awareness programs that will achieve the vision that is an integral part of the strategic plan. Finally, from the operational point of view, it is the setting up of processes to support these programs. Throughout your journey, CFSSI will accompany you and determine with you, your needs in this area, while taking into account the mission and the business vision of the company as well as your concerns.

Customized training and awareness

In addition to its training and information security awareness service, CFSSI can develop customized training and awareness activities, as well as awareness campaigns that will be adapted to your reality. Contact CFSSI, its team will be happy to meet you to determine your needs in this area.

Incident management

Incident

We are talking about an incident, in information security, as soon as availability, integrity or confidentiality has been compromised. Availability is about being able to access data at the right time by the people that need it to do their job. Integrity is about ensuring that data is not changed or deleted without the knowledge of people that have the ability to manage it. Finally, the purpose of confidentiality is to limit access to data only to people that have the ability to view, modify and delete it.

Verification

As soon as an incident, in information security, is confirmed, then we must find the origin of it, and if applicable, the evidence when charges must be laid, against an individual or an organization. In the case where a computer proof must be presented to the court, it is called an inquiry which consists of collecting, analyzing and presenting this evidence.

Organizing against the enemy

Cybercrime is booming and nobody escapes it. From the simple "hacker" in the past, who wanted to understand how a computer system works or get into it to show off their skills, we are now in the air of cybercrime et hacktivism. The case of Sony Play Station Network hacking reminds us to be well prepared when a security incident occurs. It is not enough to correct the problem, but we must learn and improve our interventions in this area.

Our approach

To properly prepare for a future incident, the processes necessary for the preparation, detection, analysis, containment, eradication and recovery of an incident must be in place. Our approach is based on the NIST SP 800-61 standard, and CFSSI adapts it to your business.

Expertise at your service

CFSSI can assist you in one of the steps of managing an incident. It has the experience to advise you in this area.

Computer security checks

Proceed in the rules of the art

Computer checks can be used to search for evidence, whether it is for illicit use of a computer or sending a personal email by an employee. Although a computer may belong to the company, an employer can not conduct audits if it has not informed its employees that it can do so. This should be an integral part of a directive related to security policy.

Before collecting evidence, you should be advised by human resources as well as a legal advisor. This is important since the company risks contravening an article of a collective labour agreement or a contract of employment or even a law. Even if it is not the case, to take disciplinary measures or to lay charges against an employee, it must be ensured that it can be proved beyond any doubt that the acts with which he is accused have been committed by this one. If you had to make a complaint to the police, your evidence must be well documented.

Our approach

Before conducting computer security checks, CFSSI ensures that certain prerequisites exist before proceeding, including that employees have been informed that the company can make such verifications. In addition, CFSSI works with the human resources department and, where applicable, your legal advisor to respect your legal framework. Also, a computer security audit plan must be approved to delineate the scope of the audits and describe the approach to collect evidence. Once this plan is approved by the company, CFSSI conducts the verification. It then produces a report containing the results thereof and communicates these results as well as recommendations.

Expertise at your service

CFSSI has experience in the field of verifications. It had the opportunity to work with the police to produce evidence in the investigation. Its systematic approach ensures that evidence is well documented and not altered. During an IT audit, confidentiality and integrity are essential. A meeting with you will convince you that CFSSI has the expertise that you need.

Consulting

Good measures, in the right places

In the past years, the people involved in implementing a technological solution were also implementing security measures without taking into account business needs and without checking whether these measures were the best. Can a firewall protect you from a security hole in a web application? Suppose you have a database on that same server, and there is a security hole on one of your web applications, will you be protected? If your web application is unsafe, there is a risk that someone may obtain confidential information in your database. The installation of a firewall, in such a case, does not guarantee the protection of the application.

Our approach

CFSSI would like to understand your business needs and work with you to inventory of the security measures in place or to put in place. In addition to being adapted to your environment, CFSSI will make sure you get a return on your investment. A plan to prioritize these measures can also be developed with you so that it aligns with your priorities.

Expertise at your service

CFSSI is based on recognized international standards and uses the best market practices to give you the best value for your money. To understand your environment and your needs, CFSSI can advise you in matter of information security.

Securing email

To exchange emails securely

Email is a means of communication that has revolutionized our lives. It is used in every way: to plan meetings, exchange documents, communicate with our loved ones when we are outside, etc. Did you know that communications can be intercepted, which can compromise the confidentiality of some documents that must remain confidential? How can we be sure that an e-mail we receive has been sent by the person claiming to be the author of the message? How can we protect ourselves from malwares, spam, phishing, etc? If you have your own email infrastructure or have outsourced your email service, it's important to be able to answer these questions.

Our approach

To properly advise you in this area, you must first determine how you manage your email. If you manage your email infrastructure yourself, we will evaluate its security and make recommendations to you, such as the use of secure protocols, the use of electronic signatures or put in place a secure email solution to counter malwares, spam, phishing, etc. If the service is offered by an external provider, we will see with you what measures are put in place to ensure the confidentiality and an adequate protection of your email. All this, CFSSI is doing it with you.

Expertise at your service

CFSSI has many years of experience in email management. Its staff has managed infrastructure containing tens of thousands of email accounts. It has expertise in Unix infrastructures, anti-virus and anti-spam servers. To learn more about the service offered and the expertise of CFSSI, book a meeting with us to discuss about it in more details.

Securing a Unix environment

Control and master Unix

For neophytes, a Unix system can seem complex to manage. Does your staff have all the expertise to properly secure your servers? Did you know that even if you are protected against Windows-type viruses, your server or your Unix workstations may have a rootkit? These are issues to consider in determining whether you need external expertise to secure your Unix environments. CFSSI advises you to use the services of experienced people, if you want to prevent your Unix environment from being compromised.

Our approach

CFSSI will work with your Unix administrator(s) and use recognized standards and tools to help you assess the safety of your environment. It can also assist you in the implementation and administration of Unix servers, and even train your staff to make it autonomous. Whether it's administering an email server, a name server (DNS), a Web server or services running on Unix, CFSSI will meet your needs.

Our expertise at your service

CFSSI has more than 20 years of experience in Unix server administration and management of various Unix flavors (Solaris, HP-UX, AIX, ConvexOS, MacOS X, True64, Ubuntu). It knows how to manage a Unix system in command line, set up automatisms, develop "scripts" ... A meeting will be enough to convince you of our expertise.