CONSULTING, AUDIT & TRAINING

CONSULTING & AUDIT

RISK MANAGEMENT

Using dedicated, proven methods designed specifically for information security risk assessment (ISO 27005, Ebios 2010, Ebios Risk Manager, PIA, MEHARI), our approach relies on pragmatic deliverables that keep the assessment of your risks and business needs flexible and agile. We adapt how we use these methods to your company's culture and context, in order to optimize the results and limit the costs.

We address all kinds of information systems: management systems, scientific systems and industrial systems. Industrial systems are increasingly critical and are now structured like management systems, with client-server architectures, connections, storage systems, information exchanges, remote services…

 

Our expertise:

  • Analyse your critical business processes
  • Run vulnerability audits on your information systems
  • Assess and quantify your risks
  • Examine your “ecosystem” and your cyberattack scenarios
  • Select and mitigate the main risks

SECURITY AND STRATEGY

We support you in defining or adjusting your security strategy. We help you identify your main internal security needs and external obligations, build your Information Security Policy (ISP), and implement the governance of your information security management system (ISMS).

LISIS Conseil works together with business managers, risk managers, chief information officers and security officers to guarantee that your security strategy is aligned with your business objectives.

Our expertise:

  • Analyse your internal security requirements (worst-case scenarios) and the external mandatory rules and regulations that apply to your organization (national/transnational laws, sector regulations, customer-related requirements)
  • Define and build your Information Security Policy, or adapt it, on the usual three levels: management, directives, procedures
  • Support the implementation or evolution of your security organisation, committees and control plan
  • Conduct mock audits to help you prepare for compliance or certification

CONTINUITY PLANS

Business continuity plans and crisis management processes are vital to ensure the resilience of your critical activities in case of disruption (of IT resources, key people, buildings, hardware, key subcontractors). The consequences for your company’s reputation, your employees, your customers and your assets must be as small as possible.

Our expertise:

  • Run your Business Impact Analysis (BIA)
  • Assess and help you reduce your risks of disruption or data loss
  • Choose your continuity scenarios
  • Define your backup strategy and solutions
  • Write your continuity procedures (BCP, DRP, crisis management) using adaptable templates
  • Help you schedule your test campaign
  • Check or audit your continuity process, and help you keep it operational and up to date

METRICS AND DASHBOARDS

Defining security metrics helps keep the information security management system (ISMS) under control and provides tools for steering security. Metrics are also used to increase the awareness and involvement of all managers and employees, and to bring them together around security.

Our expertise:

  • Choose the most suitable metrics (strategic, functional, operational, means and results), aligned with your business-critical activities
  • Assist you in implementing the processes that produce your metrics
  • Design your security dashboards

OUR TRAININGS

LISIS Conseil offers a wide range of security training courses, including practical exercises. These courses are based on our expertise and were built over several years. They can be personalized according to your specific needs.

All

  • Cybersecurity awareness – 1 day

Information Security Officers

  • Becoming an information security officer – 4 days
  • Security metrics and dashboards – 1 day
  • Security audits and reviews – 1 day

Risk managers

  • Assessment and mitigation of information security risks – 2 days

Top managers

  • Information security policy and governance – 2 days

Recommendations

"Hélène supported us in building a business continuity plan, a project that was at the time completely new and unknown to us. Drawing on her experience and her great expertise in this field, she helped us understand how to run this project methodically, always explaining the terms used in plain language so that as many staff as possible would be involved and understand the approach. We were able to meet the initial request, which came from our insurer, take ownership of the approach, and are now able to continue it on our own and have procedures robust enough to handle crises and the resumption of activity. We are convinced today that we made the right choice in being supported by Lisis Conseil."
Dany GUILLET
QHSE Manager - NICOLL (an Aliaxis company)

"LISIS Conseil is a key actor to help organizations in different sectors (industry, service companies) enhance their information security through a very efficient security project management that brings together the various stakeholders, smoothing their differences and ensuring their ownership and engagement. I especially appreciated LISIS Conseil's structured but pragmatic approach and worked with them on information security policies, information security management systems, business impact / risk assessments and security action plans."
B.T
Group CIO of a major French service company, former Head of Business Applications in a major French industrial company

Lisis Conseil SARL
8 bis avenue Lily
78170 La-Celle-Saint-Cloud, France

Questions? Or just need advice?