The Risk&Co Group carries out cybersecurity audits of technical targets (systems, networks or software), as well as of large projects and entire organisations.
Such advisory audits identify their main vulnerabilities, propose recommendations for remedial measures and help reduce risks to an acceptable level.
Depending on the kind of needs and the target area, the Risk&Co Group’s cyber-specialists define the most appropriate audit typology, in accordance with ANSSI (National Cybersecurity Agency of France) standards:
- Organisational audit
- Architectural audit
- Configuration audit
- Source code audit
Through a structured methodology, based on in-house client policies, international standards and the best industrial practices, the Risk&Co Group’s consultants identify the strengths, weaknesses, vulnerabilities and opportunities in terms of cybersecurity. They characterise the risks in business terms and are therefore able to develop pragmatic and effective action plans with their clients. At the end of each audit, the findings and conclusions are documented in a report presenting the risks identified and making the related recommendations.
In order to test the resilience of their customers’ IT security, the Risk&Co Group’s consultants have the ability to simulate attacks on their systems. Employing the same techniques and tools as those used by real attackers, they measure the impact and the probability of the security breaches thus discovered being exploited by real attackers. In case of a successful intrusion, they collect and document all the evidence and procedures.
In addition to audits, intrusion tests not only make the rapid detection of certain vulnerabilities possible, but also the sensitisation of technical teams and managers to cybersecurity issues.
Highly suited to “black box” systems, whose internal details are unknown, as well as web services and internal/external networks, intrusion tests provide a rapid, pragmatic and demonstrative security assessment.
With several dozen audits and tests performed each year, the Risk&Co Group is one of the leading providers of such services in France, for pre-market, pre-production and production systems, for end-users, manufacturers and industrial consortia. The targets tested are complex web applications, industrial and telecom networks, embedded systems and entire office networks.
Our other services
If necessary, audits and intrusion tests can call upon the Group’s expertise in safety/security engineering.
Security audit services are also provided within the broader framework of international infrastructure protection missions.