CYBERSECURITY. Global cybersecurity capabilities for a digital transformation with confidence. Delivering Transformation. Together.

Transcription

1 CYBERSECURITY Global cybersecurity capabilities for a digital transformation with confidence Delivering Transformation. Together.

2 Sopra Steria, a European leader in digital transformation, has one of the most extensive portfolios of offerings available on the market, spanning consulting, systems integration, sales of industry-specific solutions and business process services. Sopra Steria also provides end-toend solutions to address the core business needs of large companies and organisations, helping them remain competitive and grow. Combining added value, innovative solutions and high-performance services, Sopra Steria excels in guiding its clients through their transformation projects, no matter how complex, and helping them make the most of digital technology EMPLOYEES BILLION PRO FORMA REVENUES IN SITES IN EUROPE AND THROUGHOUT THE WORLD 2 Cybersecurity - Digital transformation with confidence

3 Digital transformation with confidence Supported by even more open and interconnected systems, the digital economy is a source of threats that are increasingly growing in number and sophistication. With more than 700 experts and advanced Cybersecurity Centres in Europe and around the globe, Sopra Steria is a global cybersecurity partner and a reference for cyber trust operators for the protection of major institutional and economic players and their business sectors. Sopra Steria accompanies these organisations in the protection of their information and enables them to seize new opportunities and to accelerate the development of their digital potential with complete confidence. A comprehensive range of cybersecurity services Sopra Steria covers the entire security life cycle, from the identification of risks to operational monitoring services. CYBER MONITORING SIEM / SOC APT Detection NGIPS / HIPS Probes Monitoring / CERT Forensic Crisis management DETECTION & REACTION Cyber Monitoring PREVENTION Strategy, Risk and Governance Audits and Compliance PROTECTION Digital ID Data Protection STRATEGY, RISK AND GOVERNANCE Strategy / ISMS Risk analysis IS Security Policy CISO consultancy Business Continuity Management AUDITS AND COMPLIANCE Regulatory compliance IS compliance Organisational audits Penetration testing Vulnerability management DATA PROTECTION Classification Encryption DLP DIGITAL IDENTITIES CMS / IAM / PKI Biometrics / eid Electronic signature Management of access and privileges Cybersecurity - Digital transformation with confidence 3

4 Prevention The multiplication and the complexity of cyber threats invite governments and companies to rethink cybersecurity for ensuring better prevention against attacks. New uses in the digital sphere, in the context of strengthening the regulatory framework, are leading organisations to transform their security and risk management strategy in order to ensure the compliance of operational realities with the market s various reference systems and standards. Strategy, risk and governance Our consultants assist you in defining and implementing processes and means of prevention for ambitious, efficient and tailored security policies through the following activities: Risk analyses according to recognised methodologies (EBIOS, for example); Strategy, governance and implementation of information security management systems (ISMS); An IS Security Policy (ISSP) according to security standards (best practice, computer standard rules established by ANSSI (French National Agency for the Security of Information Systems), etc.); A Business Continuity Plan (BCP) to ensure a fast return to normal operations in case of a major security incident; CISO accompaniment. Audits and compliance The business and technical expertise of our consultants enables you to integrate and test the compliance of your systems with business reference systems (PCI DSS, Basel II, etc.) and with security systems (27001, ISSP, computer standard rules, Military Programming Act, etc.) and to take corrective measures. This continuous improvement process, supplemented by audits and vulnerability management, allows you to transform your IS in order to increase its level of security. A proactive approach to risk management Our security consulting expertise is built from a strong experience gained through activities in accompanying strategic assignments throughout Europe. Sopra Steria accompanies the transformation of security systems of a national health agency in order to enable its digital development Our consulting strength relies on a global network of 700 security experts recognised by benchmark certifications for these activities, such as Lead Auditor 27001, Risk Manager 27005, CISSP and CEH (Certified Ethical Hacker). Our consultants task is to provide answers to enable the achievement of your objectives: Alignment of your business risks with your security policies; Organisational efficiency and governance; Optimization of security processes and architectures. 4 Cybersecurity - Digital transformation with confidence

5 Focus on Sopra Steria s IS compliance solution Measuring the compliance level of the IS and managing change through security IS compliance is an industrial programme that is part of a proactive approach to risk management, in addition to real-time detection and reaction to incidents. The key success factors of our compliance programmes are: Meeting the expected standards whether they be regulatory, business or technical standards, or computer security standard rules and the ISSP Reports adapted to each type of user: Senior Management, Functional Directors, IS Directors, CISO and its operational teams A simple and pragmatic solution for complex organisations: multiple plates, multiples sites, decentralised IS change management that is based on a dual experience of cybersecurity operations and infrastructure management. A pragmatic and tooled approach for tangible results in less than six months A measure of equipment compliance based on undeniable facts (computer standard rules, ISSP, etc.) A tool based on a BI-OLAP (Business Intelligence Online Analytical Processing) technology: a multi-dimensional cube developed by our experts, capable of handling Big Data Billing by equipment type, regardless of the volume processed: workstations, servers, databases, network devices, etc. SOC SERVICES The compliance programme enables: a reduction in the number of vulnerabilities and exposure to attacks productivity gains GOVERNANCE an assessment of ROI and performance transformation management COMPLIANCE SERVICES TRANSFORMATION OVERVIEW OF THE COMPLIANCE PROGRAMME GOVERNANCE PRAGMATIC RULES MEASUREMENTS COMPLIANCE REPORTS CORRECTION PLAN Cybersecurity - Digital transformation with confidence 5

6 Protection After having identified the most sensitive information for your organisation, putting in place tailored protection means will enable you to control access and to protect against data leakage, identified as the main security risk by 60% of security decision-makers. Digital identities Our experts implement security solutions including design, implementation and operation: Identity and access management (IAM) that is deployed quickly and efficiently; Public key infrastructure (PKI) and strong authentication by certificates; Biometrics: SteriaAFiS (automatic fingerprint recognition) solutions; SteriaFiTPlus, biometric data capture system; eid/card management system (CMS): identity federation solutions which enable identification, authentication, physical and logical access controls and electronic signatures and which facilitate access to online services; Management of access and privileges: control of IS super administrators. Data protection In the digital economy, information is the most valuable asset of businesses and administrations - its protection is essential to ensure competitiveness. Sopra Steria provides its expertise for the classification of sensitive data and the implementation of DLP and encryption technologies. Our modular approach enables the control and confidentiality of your information from a prior perimeter of the IS to third-party environments. Excellence in implementing trusted solutions These protection capabilities are based on Sopra Steria s strong experience in system development, integration and maintenance, gained in complex projects, realised for the benefit of major institutional clients and businesses, in Europe and internationally. Sopra Steria transforms, integrates and operates the PKI of the General Secretariat of the Council of the European Union to homogenise all the tools for sharing information internally and between the Member States of the European Union. Based on proprietary software around biometrics or solid partnerships with top-ranked suppliers, our innovative solutions guarantee an endto-end securing of information, access to it and exchanges between third parties. These so-called «cyber trust» solutions enable organisations to create new products and services with a high level of trust, and to gain efficiency by using secure collaborative tools in order to develop their digital potential with confidence and to accelerate their competitiveness in their market. 6 Cybersecurity - Digital transformation with confidence

7 The Pass IN solution, a turnkey service for managing professional digital identities A global partnership between Sopra Steria and the Imprimerie Nationale (French National Printing Press) on the theme of cyber trust This unique partnership between two major players heavily involved in cyber trust includes: Joint development of the Card Management System (CMS) and the federation of identities Joint selling of the solution to companies and communities The Imprimerie Nationale has also entrusted its critical systems monitoring to Sopra Steria s Cybersecurity Centre A comprehensive programme of digital identity management Digital identity federation Production of secure cards Management of associated digital services (authentication, signature, encryption, etc.) Administration of the life cycle of services (revocation, renewal, etc.) Provision of complementary services: Single Sign-On (SSO), approval and validation processes, digitalisation of regulatory processes, digital archiving system and safe The benefits of Pass in are numerous, including economic, regulatory and security-related: Optimisation of management costs; Improvement of security by identification of employees through cards; Federation of multiple access badges on a single medium (physical access, trusted services, etc.); Propagation of strong authentication across the applications of the Information System; Consumption of services in SaaS mode; Compliance with standards of the General Security Reference System (RGS) regulated by the ANSSi (National Agency for Information System Security); High level of security, redundancy, and availability. Sopra Steria brings us the trust capabilities required for our digital acceleration. Our Pass IN solution is spearheading our efforts. DIDIER TRUTT President and CEO of the Imprimerie Nationale Group Cybersecurity - Digital transformation with confidence 7

8 Detection and Response With the evolution of threats and the proven character of cyber-attacks of different origins and increasing complexity targeting institutions or major economic players, Sopra Steria has developed an expertise and advanced industrial capabilities around the implementation of detection and response tools and services that are up to the task. Cyber monitoring The monitoring of information systems has become an essential element in the fight against fraud and cyber attacks. Sopra Steria accompanies you in the implementation of detection and response solutions: Security Information and Event Management (SIEM)/ Security Operations Centre (SOC): integration of SIEM tools and security event correlation and management service, incident response; Detection of Advanced Persistent Threats (APT): advanced SOC services for the detection of sophisticated attacks like APTs; Monitoring/CERT: custom security monitoring, approved CERT (Computer Emergency Response Team) since 2014; Forensic: on-demand search for evidence, using specific analysis techniques in digital investigations; Crisis management: managing cyber attack crises, mobilisation of a war room, coordination of experts, communication and reporting, preparation of the post-crisis transformation plan. Sopra Steria develops and integrates a SIEM solution (GSEC security module) for the Ministry of Defence Enhanced monitoring capabilities that meet your needs Faced with the exponential acceleration of cyber crime, implementing capabilities for active monitoring and permanent information systems has become a requirement of senior management, and more particularly for Opérateurs d importance Vitale (Operators of Vital Importance, OIV) subject to national regulations on the detection of security incidents, in force since 1 st January Protecting informational capital and critical Information Systems requires experience and a processing capability that goes beyond the solutions on the market. Sopra Steria combines its expertise in the area of security monitoring with advanced innovation capabilities around the development of new means of detection and investigation in an R&D Lab. This way, Sopra Steria offers a response that meets current and future Information Systems monitoring challenges. Sopra Steria monitors critical and vitally important Information Systems of an international urban transportation player 8 Cybersecurity - Digital transformation with confidence

9 A comprehensive and innovative approach to IS monitoring When confronted with attacks from networks, defence capabilities must be built into networks. Sopra Steria is part of a federative programme of the various stakeholders in the cybersecurity ecosystem (industry, SMEs, research laboratories, schools and universities...) around a trustworthy industry in order to offer protection and monitoring capabilities that are up to the challenges of the business sectors. With a strong presence in the aeronautics and space in the Midi-Pyrénées region, Sopra Steria coordinates the Albatros federative programme and the Box@PME project, for the protection of the sector and its SMEs. FEDERATE THE STAKEHOLDERS OF THE CYBERSECURITY ECOSYSTEM PROTECT BUSINESS SECTORS INCREASE THE EFFICIENCY OF THE MEANS FOR CYBER MONITORING Box@PME: a collaborative solution for the protection and detection of the SMEs of a business sector IS behavioural analysis tools based on machine learning RESEARCH AND DEVELOPMENT IDENTIFY FUTURE DETECTION TECHNIQUES Creation of a security laboratory in partnership with the CEA Tech, an innovation driver for cyber monitoring SKILLS DEVELOP SKILLS AND ATTRACT THE BEST TALENTS Creation of a degree-awarding training programme in partnership with the University of Toulouse Steria Hacking Challenge: the first interschool ethical hacking competition Sopra Steria and its partners are strengthening the protection of the aeronautics and space with the Albatros cybersecurity federative programme approved by the Aerospace Valley competitive cluster. Cybersecurity - Digital transformation with confidence 9

10 RightSecurity: A tailored model of services A right delivery model that is flexible and scalable, combining proximity and industrialisation Adapted to your requirements and your maturity: Sopra Steria offers all of its consulting, integration and operational security services based on a modular approach, for à la carte services in line with your requirements. Able to accompany your transformation: thanks to a bespoke model, Sopra Steria is able to accompany your security services transformation by adapting the delivery modes between proximity support - with expertise or service centre teams - and industrialisation with our Cybersecurity Centre and its dedicated or mutualised teams. CONSULTING INTEGRATION MANAGED SERVICES Industrial Cybersecurity Centres integrated internationally Sopra Steria has established several high level Cybersecurity Centres in Europe and around the world, capable of protecting the most complex and international organisations. They can also outsource all or part of their security functions in an industrial and integrated model. In France, the Cybersecurity Centre in Toulouse, gathers more than 120 experts and brings together the most advanced technology to prevent, detect and respond to attacks in an optimal way. A global approach based on a specific methodology of management by risk: IPPCoR Risk Identification, Prevention, Protections, Control and Reporting. An «as a service» security services catalogue: All our services are provided in the form of a catalogue of work units enabling the measurement of value on the basis of tangible deliverables. CLOSE CLIENT SUPPORT EXPERTISE / PROJECT / DEDICATED SERVICE RIGHT SECURITY CYBERSECURITY CENTRES DEDICATED OR MUTUALISED TEAMS 10 Cybersecurity - Digital transformation with confidence

11 Sopra Steria s plus points A global network of more than 700 experts dedicated to cybersecurity More than 300 references in complex projects A comprehensive range of services covering the security life cycle Top-ranked Cybersecurity Centres in Europe and internationally A unique service model on the market Recognised expertise in digital ID management and cyber defence Cybersecurity - Digital transformation with confidence 11

12 Sopra Steria 9 bis, rue de Presbourg Paris, France Tel. +33 (0)