The architecture and overall security strategy must focus on ensuring the confidentiality, integrity and availability of information and systems.

From our point of view, in order to achieve this goal there are two major tasks that one should face:

  • The first one is obvious: risk analysis and management (ISMS).
  • The second is less so: awareness and communication plans.

When approaching risk analysis and management, one must address five main areas:

  • Regulatory compliance.
  • Identity and access management.
  • Application security.
  • Security of the infrastructure.
  • Business continuity.

Regulatory Compliance
  • The set of rules and security regulations that establish requirements in different fields (LOPD, LSSI, Basel III, SOX, MiFID…).
Identity and Access Management
  • Create a single shared identity across applications and resources.
  • Implement the structure, processes and technologies to consistently manage identities and their attributes.
  • Provide individualized security and access rights based on the identity and profile of a person.
  • Provide access control technologies to enable a simplified “single sign-on”.
Application Security
  • Differentiate between internal developments and standard software.
  • Incorporate security controls in the development methodology.
  • Integrate own and third-party applications with the Identity Management system.
Security of the Infrastructure
  • Network Security.
  • Systems Security.
  • Workplace Protection.
  • Data Security.
  • Anti-fraud controls.
  • Infrastructure security management.
  • Consolidation of all available information.
  • Generation and management of security events.
Business Continuity
  • Prevent loss of Data and Service.
  • Crisis management.
  • Recovery of the Systems.
  • Identification of critical staff.
  • Recovery of the work environment.
  • Maintenance of the activity within normalcy.
  • Recovery of buildings/offices.