Cyber Risk & Security - Beijaflore Group

Faced with the proliferation of strategic, business and personal data that must be adequately protected, how can the business develop its performance and its differentiation in the market?

3 consultants worked for a major transport operator for 2 years to define and implement the data protection strategy.

Achievements:

• Taking into account business needs (digitalisation of services, opening to competition …)
• Integration of regulatory requirements (Open Data, RGPD …)
• Definition of the protection strategy and declination in technical solutions

The team intervention helped the client to control the risks of information leakage, to make management responsible for the use of data and to comply with GRPD regulations.

In a context of technological and business openness, how to better control access and user identities and manage the technological obsolescence of historical tools?

A manager and 4 consultants worked with a leader in the industrial sector for 18 months to develop the strategy and pilot the integrator of the IAM program.

Achievements:

• Declining strategy into functional specifications, project management and recipe
• Meeting of the functional teams to define the cases of use and coordination of the technical teams to ensure the compatibility and the good taking into account of the needs
• Implementation of SSO in the Azure cloud, identity federation, connection of business applications to the SailPoint tool

The intervention of our consultants has empowered managers and asset owners to assign and review rights, streamline access requests and control the risks of identity theft and abuse of privilege

How to secure the largest Oil & Gas platform in the world, taking into account the issues of the heavy industry sector?

About twenty consultants worked from the design phase to the launch of securing the various industrial platforms.

Achievements:

• Definition of cyber security strategy and declination into organizational, functional and technical requirements adapted to OT
• End-to-end cyber risk management with 100+ suppliers
• Industrial security architecture, prototyping solutions
• Training of automation engineers in cyber security
• Audit and technical recipe of industrial components

This international project required advanced skills in the OT environment by working with American, Korean, Japanese, Singaporean, Indian, Australian and European teams. 

User are now able to control risks.

What defense strategy to adopt for a group that is particularly visible and whose brand image is highly valued?

In the luxury sector, there are significant risks to the group’s reputation in the event of a cyber attack. Customer privacy issues are also present (GRPD). 3 consultants worked on defining and deploying a cyber defense strategy.

Achievements:

• Definition and implementation of scenarios to detect cyber attacks on the group’s digital assets.

These actions made it possible to better detect risks and react, to improve the group’s capabilities and to organize a defense centered around the most sensitive assets given the business issues.

For the launch of its digital bank, a major customer of the banking sector wants to be audited to correct the potential vulnerabilities of its tool

As part of the construction of its digital banking offer, Beijaflore has audited the web and mobile applications during the various development phases and carried out the latest security verifications before the production and launch of the platform.
3 consultants intervened and worked closely with operational, risk and program directorates.

Achievements:

• 3 test campaigns conducted on non-production and production environments
• IOS and Android apps audited

These actions made it possible to correct the vulnerabilities throughout the development and recipe cycle of the various environments, including those that may require deep redesign of the application logic. It also helped correct all major vulnerabilities before going into production.

Faced with the proliferation of connected objects in business, how to secure their use?

The Head of Information Systems Security of a luxury sector company wanted to be accompanied on the integration of security & compliance of 10 connected objects.
3 cyber security experts accompanied the company in securing the connected objects used for the development of its new offers.

Achievements:

• Writing a risk analysis template adapted to connected objects,
• Writing a generic security guide for connected objects in the context of the client,
• Workshops with technical project managers and trades of each of the 10 connected objects.
• Realization of 10 “privacy by design” supports,
• Realization of 10 risk analysis tools with associated action plans,
• Control of 5 intrusion tests on the most critical connected objects,
• Intermediate and final restitutions to the CISO and to the trades.

These actions made it possible to secure the 10 connected objects and bring them into GRPD compliance. 

How to automate business processes without compromising the security of personal data?

As part of a digitalization program, a company in the banking sector wants to make available to its employees an RPA solution. The security support must guarantee that the chosen solutions will be in line with the client’s policy by taking into account the issues related to massive manipulation of personal data and regulatory issues.
A consultant provided security coaching to all of the client’s robotik process automation (IA) initiatives.

Achievements:

These actions made it possible to empower the team responsible for monitoring the launch of the RPA platform, defining a scoping process and RPA use cases, managing RPA risks and supporting the project from start to finish.