While designing security architecture, setting up remote access for third parties or for any other project affecting the core of its customers’ systems, the Risk&Co Group offers independent expertise for project owners and project management, focused on understanding risks and defining pragmatic and scalable solutions.
The Risk&Co Group is frequently involved in major projects due to its ability to identify security issues and possible solutions rapidly. For each project, the Risk&Co Group’s priority is to understand its customers’ security objectives.
The Risk&Co Group’s cyber-specialists have been able to work on various projects, such as SCADA remote access architecture or embedded avionics protection mechanisms. For each of these projects, they have provided independent expertise that is fully adapted to previously identified risks.
Cyber risk analysis
Risk analysis in this field is the identification and characterisation of cyber risks that affect a given assessment target, such as an industrial system, a critical web application, or a network component.
The Risk&Co Group conducts cybersecurity analyses to:
- Identify critical systems facing IT threats
- Understand their criticality
- Identify adverse scenarios
- Assess the probability of their occurrence
- Propose actions to reduce risks to an acceptable level.
Based on methodologies such as EBIOS or ISO 27005, the Risk&Co Group’s consultants analyse existing documents, hold workshops with their client’s different departments, putting the IT threats and the participants’ business expertise together.
Undertaken right from a project’s initial phases, risk analyses are regularly updated, as and when the technical elements (architecture, systems used, etc.) or organisational aspects (roles and responsibilities, implementation schedule, etc.) are identified. On this basis, specific recommendations facilitating decision-making are formulated.
Cybersecurity compliance and certification
While the various applicable texts (French military program bill, GDPR), in particular those for Operators of Critical Infrastructures (CI) and Operators of Essential Services (OES), are difficult to comprehend, they nonetheless constitute solid opportunities that need to be grasped in order to adopt a structured and robust security approach.
The Risk&Co Group’s consultants provide support both for developing a general strategy and for regulatory compliance.
With a good command over the various security components and with a vast in-house knowledge base, they assist their clients in defining and undertaking processes related to security certifications.
The Risk&Co Group’s cybersecurity expertise can be called upon during safety/security engineering missions.
The analysis of cyber risks is also a component of certain location analysis studies.