The Network and Information System Security - (UE) 2016/1148 directive, commonly referred to as NIS, was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations…
In this second article on Identity and Access Management (IAM) we look at why many organisation face difficulties transforming their IAM ecosystem, and how IAM programmes should be approached and structured. In our previous article – Identity and Access Management:…
Large organisations are facing unprecedented change, such as adapting to remote working and managing operational risk in a post-pandemic world. Identity & access management (IAM) – the provision and verification of identities and their access rights – is once again…
Organising a cyber crisis exercise is not an easy task. From the preparation to the D-Day, a lot of unforeseen events can occur and the preparation teams need to remain a step ahead of the players. This article will break down the steps to a successful cyber crisis exercise…
Create a relationship of trust with the executive committee: step 2, solidify the organisation's posture and explain the lines of action Creating a relationship of trust with the executive committee is a long-term action. After a first step that often involves raising awareness and putting the cyber risk into perspective…
Over 40 assessments of industrial sites Over the past two years, Wavestone’s auditors have conducted more than 40 cybersecurity assessments of industrial sites in various sectors (pharmaceutical, food processing, energy, etc.). These assessments have enabled us to benchmark the level of…
Security organisation are facing more and more employees leaving. There is an urgent need to rebuild a more readable operational model with a trend in pooling and eliminating redundancies. This article will present an attempt at explaining this situation and…
[nota bene: this article has been translated to English for accessibility reasons. It does not address UK or US regulations, but only French ones regarding Security Accreditation (“homologation” in French). It is nonetheless useful for any organization wanting to implement…
For the most impatient readers, you can go directly to the Key Elements at the end of the article. Reminder of the state of the threat ANSSI states in ÉTAT DE LA MENACE RANÇONGICIEL - À L'ENCONTRE DES ENTREPRISES ET…
Among the needs identified by our industrial customers are the mapping of OT systems (Operational Technology) and the detection of attacks. Over the last ten years or so, several players have been working on the development of tools to meet…
