{"id":5868,"date":"2020-09-13T11:42:01","date_gmt":"2020-09-13T10:42:01","guid":{"rendered":"https:\/\/sertalink.com\/?page_id=5868"},"modified":"2020-10-24T00:40:13","modified_gmt":"2020-10-23T23:40:13","slug":"security-audit","status":"publish","type":"page","link":"https:\/\/sertalink.com\/fr\/security-audit\/","title":{"rendered":"Security Audit"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”3.24″][et_pb_row _builder_version=”3.24″][et_pb_column type=”4_4″ _builder_version=”3.24″][et_pb_text _builder_version=”3.24″]<\/p>\n

Cyber Security Audit<\/h2>\n

Suite \u00e0 une attaque sur le r\u00e9seau informatique d'une entreprise, des dysfonctionnements ont \u00e9t\u00e9 d\u00e9couverts au niveau de la s\u00e9curit\u00e9. Le gestionnaire de r\u00e9seau d\u00e9cide de commander\u00a0<\/span>un audit de s\u00e9curit\u00e9 de l'infrastructure informatique<\/strong>.<\/p>\n

Il veut\u00a0<\/span>le mettre en conformit\u00e9 sur la base des orientations de s\u00e9curit\u00e9<\/strong>\u00a0<\/span>pr\u00e9conis\u00e9 dans le cadre de l'audit.<\/p>\n

Context<\/h2>\n

Les principaux objectifs de cet audit de s\u00e9curit\u00e9 sont les suivants:<\/p>\n

    \n
  • Fournir \u00e0 l'entreprise une revue de sa s\u00e9curit\u00e9 informatique sur la base des aspects techniques et organisationnels observ\u00e9s.<\/li>\n
  • \u00c9valuez les diff\u00e9rences par rapport aux r\u00e9f\u00e9rences de s\u00e9curit\u00e9 de l'entreprise.<\/li>\n
  • D\u00e9finir les mesures pour mettre l'ensemble de l'infrastructure en conformit\u00e9.<\/li>\n<\/ul>\n

    La s\u00e9curit\u00e9 a conclu que des points forts \u00e9taient observ\u00e9s mais aussi des plus faibles \u00e0 am\u00e9liorer:<\/p>\n

    [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”3.24″][et_pb_column type=”1_2″ _builder_version=”3.24″][et_pb_text _builder_version=”3.24″]<\/p>\n

    M\u00e9thodologie<\/h2>\n

    Pour r\u00e9aliser un audit, Sertalink utilise une approche m\u00e9thodologique adapt\u00e9e aux diff\u00e9rents sujets et correspondant aux types de services demand\u00e9s
    Classification du niveau de risque<\/span><\/p>\n

      \n
    • Security policy<\/span><\/li>\n
    • Critical Security Controls<\/span><\/li>\n
    • Design compliancy vs security policy<\/span><\/li>\n
    • Current Network infrastructure and Access Controls<\/span><\/li>\n
    • Design Compliancy vs Corporate Security Policy<\/span><\/li>\n
    • Policy review<\/span><\/li>\n
    • Business Continutity Plan<\/span><\/li>\n
    • Incident Response Plan<\/span><\/li>\n
    • Quick business flow analyze<\/span><\/li>\n
    • Digital footprint (Mail (MX RECORDS), Websites ( Security Vulnerabilities, SSL-TLS version, Encryption\u2026)<\/span><\/li>\n
    • Remote access \/ Wifi<\/span><\/li>\n
    • Design review<\/li>\n
    • Conclusions<\/span><\/li>\n<\/ul>\n

       <\/p>\n

      [\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”3.24″][et_pb_image src=”https:\/\/sertalink.com\/wp-content\/uploads\/2020\/09\/secaudit.gif” _builder_version=”3.24″ custom_padding=”67px|||||”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”3.24″][et_pb_column type=”4_4″ _builder_version=”3.24″][et_pb_text _builder_version=”3.24″]<\/p>\n

      \u00c9TAPE 1: ENTREVUES ET VISITE DU SITE<\/h4>\n

      L'approche d'audit g\u00e9n\u00e9rale de Sertalink commence par un\u00a0<\/span>revue de la situation existante, \u00e0 travers des entretiens et des tests techniques<\/strong>.<\/p>\n

      a) R\u00e9union d'initialisation<\/h5>\n

      Une r\u00e9union d'initialisation est l'occasion d'expliquer les points suivants:<\/p>\n

        \n
      • Le domaine de l'audit, par exemple les syst\u00e8mes et processus \u00e0 analyser,<\/li>\n
      • La planification g\u00e9n\u00e9rale et les diff\u00e9rentes \u00e9tapes,<\/li>\n
      • Identification des informations \/ documents \u00e0 prendre en compte,<\/li>\n
      • Contacts et entretiens n\u00e9cessaires.<\/li>\n<\/ul>\n
        b) Entretiens et visites de sites<\/h5>\n

        L'analyse du niveau de s\u00e9curit\u00e9 existant repose principalement sur des entretiens avec les personnes impliqu\u00e9es dans la s\u00e9curit\u00e9, ainsi que sur des tests et v\u00e9rifications techniques, r\u00e9alis\u00e9s lors d'une visite des installations concern\u00e9es.<\/p>\n

        Sertalink formalisera un guide d'entretien qui sera approuv\u00e9 par le chef de projet \/ responsable informatique \/ s\u00e9curit\u00e9 informatique.<\/p>\n

        \u00a0
        \u00c9TAPE 2: ANALYSE DES RISQUES<\/span><\/p>\n

        Pour chaque composant, service ou fonction,\u00a0<\/span>Sertalink identifie et quantifie les risques r\u00e9sultant des menaces et vuln\u00e9rabilit\u00e9s d\u00e9couvertes<\/strong>. Pour chaque risque, l'analyse d\u00e9termine:<\/p>\n

          \n
        • Une description du risque.<\/li>\n
        • Les crit\u00e8res de s\u00e9curit\u00e9 consid\u00e9r\u00e9s (disponibilit\u00e9, int\u00e9grit\u00e9, confidentialit\u00e9, tra\u00e7abilit\u00e9).<\/li>\n
        • La probabilit\u00e9 du risque et son impact, \u00e9valu\u00e9s au regard des probl\u00e8mes de s\u00e9curit\u00e9 identifi\u00e9s \u00e0 l'\u00e9tape 1.\n<\/li>\n<\/ul>\n

          \u00c9TAPE 3: RECOMMANDATIONS ET PLAN D'ACTION<\/h4>\n

          Cette \u00e9tape vise \u00e0\u00a0<\/span>expliquer les recommandations de s\u00e9curit\u00e9 et formaliser le plan d'action associ\u00e9<\/strong>, en distinguant le tr\u00e8s court terme (actions \u00e0 r\u00e9aliser en priorit\u00e9 pour couvrir les principaux risques et dont la mise en \u0153uvre est facile) et le court \/ moyen terme (actions moins urgentes ou n\u00e9cessitant un investissement plus important)<\/p>\n

          Pour chaque recommandation, le plan d'action d\u00e9taillera:<\/p>\n

            \n
          • La description de la mesure.<\/li>\n
          • Son niveau de priorit\u00e9 de mise en \u0153uvre, montrant en premier lieu les actions urgentes \u00e0 mettre en \u0153uvre \u00e0 court terme ou permettant une am\u00e9lioration facile et rapide de certains niveaux de s\u00e9curit\u00e9.<\/li>\n
          • Son p\u00e9rim\u00e8tre (en termes de p\u00e9rim\u00e8tre, de risques trait\u00e9s\u2026).<\/li>\n
          • Ses pr\u00e9-requis techniques ou organisationnels.<\/li>\n
          • Ses \u00e9ventuels impacts sur la production.<\/li>\n
          • Une estimation du co\u00fbt de mise en \u0153uvre.<\/li>\n
          • Le risque r\u00e9siduel.<\/li>\n<\/ul>\n

            [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>","protected":false},"excerpt":{"rendered":"

            Cyber Security Audit Further to an attack of the computer network of a company, some dysfunctions were discovered at the security level.\u00a0 The network manager decides to order\u00a0a security audit of the computer infrastructure. He wants to\u00a0bring it into compliance on the basis of the security orientations\u00a0advocated in the framework of the audit. Context The […]<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"class_list":["post-5868","page","type-page","status-publish","hentry"],"yoast_head":"\nSecurity Audit | Sertalink Belgium & Luxembourg<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cyberrange.be\/security-audit\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Audit | Sertalink Belgium & Luxembourg\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cyberrange.be\/security-audit\/\" \/>\n<meta property=\"og:site_name\" content=\"Sertalink Belgium & Luxembourg\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/sertalink\/\" \/>\n<meta property=\"article:modified_time\" content=\"2020-10-23T23:40:13+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sertalink_bnlx\" \/>\n<meta name=\"twitter:site\" content=\"@sertalink_bnlx\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Organization\",\"Place\"],\"@id\":\"https:\/\/sertalink.com\/fr\/#organization\",\"name\":\"Sertalink Belgium\",\"url\":\"https:\/\/sertalink.com\/fr\/\",\"sameAs\":[\"https:\/\/www.facebook.com\/sertalink\/\",\"https:\/\/www.linkedin.com\/company\/sertalink\/\",\"https:\/\/twitter.com\/sertalink_bnlx\"],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/sertalink.com\/fr\/#logo\",\"inLanguage\":\"fr-FR\",\"url\":\"https:\/\/sertalink.com\/wp-content\/uploads\/2016\/09\/sertaLinkLogo.png\",\"width\":90,\"height\":112,\"caption\":\"Sertalink Belgium\"},\"image\":{\"@id\":\"https:\/\/sertalink.com\/fr\/#logo\"},\"location\":{\"@id\":\"https:\/\/www.cyberrange.be\/security-audit\/#local-place\"},\"address\":{\"@id\":\"https:\/\/www.cyberrange.be\/security-audit\/#local-place-address\"},\"email\":\"sales@sertalink.com\",\"telephone\":\"+3293109351\",\"areaServed\":\"Benelux\",\"vatID\":\"BE 0632.806.125\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sertalink.com\/fr\/#website\",\"url\":\"https:\/\/sertalink.com\/fr\/\",\"name\":\"Sertalink Belgium & Luxembourg\",\"description\":\"Your link to a safe environment\",\"publisher\":{\"@id\":\"https:\/\/sertalink.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/sertalink.com\/fr\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cyberrange.be\/security-audit\/#webpage\",\"url\":\"https:\/\/www.cyberrange.be\/security-audit\/\",\"name\":\"Security Audit | Sertalink Belgium & Luxembourg\",\"isPartOf\":{\"@id\":\"https:\/\/sertalink.com\/fr\/#website\"},\"datePublished\":\"2020-09-13T10:42:01+00:00\",\"dateModified\":\"2020-10-23T23:40:13+00:00\",\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cyberrange.be\/security-audit\/\"]}]},{\"@type\":\"Place\",\"@id\":\"https:\/\/www.cyberrange.be\/security-audit\/#local-place\",\"address\":{\"@type\":\"PostalAddress\",\"@id\":\"https:\/\/www.cyberrange.be\/security-audit\/#local-place-address\",\"streetAddress\":\"Gentse Steenweg 47\",\"addressLocality\":\"Lokeren\",\"postalCode\":\"9160\",\"addressRegion\":\"Oost-Vlaanderen\",\"addressCountry\":\"BE\"},\"geo\":{\"@type\":\"GeoCoordinates\",\"latitude\":\"\",\"longitude\":\"\"},\"openingHoursSpecification\":[{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Monday\",\"Tuesday\",\"Wednesday\",\"Thursday\",\"Friday\"],\"opens\":\"09:00\",\"closes\":\"17:30\"},{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Saturday\",\"Sunday\"],\"opens\":\"00:00\",\"closes\":\"00:00\"}],\"telephone\":\"+3293109351\"}]}<\/script>\n<meta name=\"geo.placename\" content=\"Lokeren\" \/>\n<meta name=\"geo.region\" content=\"Belgique\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/pages\/5868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/comments?post=5868"}],"version-history":[{"count":0,"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/pages\/5868\/revisions"}],"wp:attachment":[{"href":"https:\/\/sertalink.com\/fr\/wp-json\/wp\/v2\/media?parent=5868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}