SecNumCloud training

UNDERSTANDING THE FUNDAMENTALS OF ANSSI CERTIFICATION, QUALIFICATION AND SECURITY VISAS

• Provision of SaaS, PaaS and IaaS services and responsibilities by service
• Qualification of service providers (terms and scope)
• Understanding safety levels

‍

DEVELOPING AND MANAGING CERTIFICATION AND CONTROL PROJECTS - SECURITY GOVERNANCE

• Diagnose organization and requirements
• Diagnose the level of security implementation in line with the Code of Best Practice
• Define the scope of application / perimeter of certification
• Drawing up an ISSP (Information System Security Policy) and corporate information protection policy
• Definition of roles and responsibilities - organization
• Manage & prepare risk analysis
• Information security policy
• Human Resources Security

‍

TRAINING AND AWARENESS-RAISING

• Safety training
• Building a safety awareness program
• Tools and methods
• Regulations, recruitment and safety

‍

SMSI MANAGEMENT, KPI

• Measuring and defining safety dimensions
• Safety management and management review
• Performance assessment
• Audit and control program management

‍

SETTING UP ADVANCED SECURITY PROCESSES

• Implementation of security incident management
• Building a continuity plan
• Safety risk management

‍

PROJECT MANAGEMENT AND CORPORATE INTEGRATION

• How to set up an integrated management system
• Involving managers and employees
• Integrating behavioral aspects
• Identify project risks and formalize alerts

‍

ASSET, ACCESS AND INFORMATION MANAGEMENT

• Process and policy
• Methods and tools
• Access controls (policies and processes)

‍

CRYPTOLOGY

• Encryption of stored data
• Stream encryption
• Password hashing
• Non-repudiation
• Secret management

‍

PHYSICAL AND ENVIRONMENTAL SAFETY

• Physical security perimeters
• Physical access control
• Protection against external and environmental threats
• Working in private and sensitive areas
• Delivery and loading zones
• Equipment maintenance

‍

OPERATING SAFETY

• Change management
• Measures against malicious code
• Saving information
• Event logging
• Protection of logged information
• Vulnerability management

‍

COMMUNICATIONS SECURITY

• Information system mapping
• Network partitioning
• Network monitoring

‍

ACQUISITION, DEVELOPMENT AND MAINTENANCE OF INFORMATION SYSTEMS

• Secure development policy
• System change control procedures
• Technical review of applications following changes to the operating platform
• Outsourced development
• Safety testing and system compliance
• Test data protection

‍

RELATIONS WITH THIRD PARTIES

• Identifying third parties
• Security in agreements with third parties
• Monitoring and review of third-party services

‍

INFORMATION SECURITY INCIDENT MANAGEMENT

• Responsibilities and procedures
• Information security reports
• Information security event assessment and decision-making
• Response to information security incidents
• Learning from information security incidents
• Evidence gathering

‍

BUSINESS CONTINUITY

• Business continuity organization
• Implementing business continuity
• Check, review and assess business continuity
• Availability of information processing resources

‍

COMPLIANCE

• Identification of applicable legislation and contractual requirements
• Independent review of information security
• Compliance with safety policies and standards
• Examination of technical compliance

‍