.:Trust IT - Risks, Audit, IT Control and Security
Beijaflore has developed three offers to instil confidence in the services provided by the IS Department:

 

1. IT risk mapping and IS auditing to identify and anticipate areas of weakness
2. Defining policies and requirements to reduce risks and control the level of security of the IT services
3. Establishing and reviewing IT control plans to guarantee the efficiency of risk processing plans

 

IT Risk Offer
We help with the development of risk mapping methods and response strategies adapted to the company and in line with its business lines.
We use our catalogues of risks and causes and our scale of impact and potential development process.
We also develop or optimise risk management processes for the services provided by the IS department (analysis, evaluation, processing).

 

Information Security Offer
We assist our customers in the development of their annual IS audit plans and control plans through analysis of business challenges and identification of IT risks.
We help them develop audit reference systems for their control teams.

Our OPIS offer improves the operational performance of security processes by speeding up two performance levers:

• opening-up of security organisations
• industrialisation of processes through good trade practices and appropriate sourcing strategies

Our mission is to optimise the security organisation performance of our customers: governance, security policy, definition of applicable requirements, familiarisation of the management and employees, ISO2700X assistance, strategic or operational management charts and Balanced Security scorecard.
We help them to prepare and manage their strategic programmes: IAM (processes, reference systems, profiling, tools), data protection, vulnerability management, incident management, architecture and protection of flows, continuity (impact assessment on the activity, development of PCA/PRA, DRP).
We carry out business alignment and security management maturity diagnosis.

 

A few examples of missions
Risk analysis for the IS department of a bank

• Security expertise and risk analysis for application and architecture projects
• Reducing computer risks to an acceptable level
• Making sure that security is taken into account in projects
• Applying internal security procedures and standards

 

Definition and implementation of an ISP for the IS Security Department of a bank (4,000 users, 30 Territories)

• Security developments according to ISO 2700x standards
• Group Security Policy, based on the International Private Banking sector
• IS compliance and reduction of security risks