Our Expertise in Cybersecurity

VONA is an independent consultancy that fosters a top-notch team of cybersecurity experts. They will be by your side, and support and guide you through your structural projects, with one main goal in mind: reducing your exposure to risks and protecting your assets to ensure you are free to focus on your business priorities.

We work closely with CISOs to provide the most appropriate support in the area of cybersecurity governance.

Cybersecurity – A Business Enabler

We firmly believe that cybersecurity is a collective responsibility that affects us all.

Our approach combines two intertwined objectives: guiding business departments in developing a cybergovernance strategy tailored to their unique business needs, whilst raising user awareness to ensure overall security.

We firmly believe that cybersecurity should not be a hindrance to your operations, but rather a critical enabler for your success.

Successful Risk Management as your next challenge

It is an undeniable fact that companies face an ever-increasing risk of cyberattacks, often resulting in substantial harm.

This is not a question of “whether” companies will suffer cyberattacks; it is now a question of “when”, “how often”, and “how bad the consequences will be”.

This situation is worsened by a variety of factors, including:

  • The alarming availability of malicious tools;
  • The growing technical sophistication and ingenuity of attacks, which penetrate even the most robust systems;
  • The increasing professionalisation of cyberattackers, now able to launch targeted and large-scale attacks;
  • Significant regulatory pressure (GDPR, eIDAS, NIS 2, the French LPM, etc.).

Our Expertise

VONA is convinced that in order to truly control cyber risks, companies need to implement an effective, pragmatic, and appropriate cybergovernance.

Such cybergovernance must identify, coordinate, and draw from both technical and organisational resources to reach these goals:

  • Protect / Anticipate / Plan: against cyber threats
  • Detect / Understand / Assess: potential risks
  • Respond / Act / Communicate effectively: in the event of an attack
  • Recover / Learn / Improve: cybersecurity practices

Of course, this is easier said than done. To achieve these objectives, companies need knowledgeable, appropriately trained operational staff and top management. Cybersecurity is not only a technical issue, but also a human one.

Our Methodological Approach Is Adapted to Your Needs

We understand that every business and organisation requires cybersecurity measures that are tailored to their unique structure and the specific challenges they face.

Therefore, our first step is to gain a deep understanding and a clear vision of our clients’ businesses, challenges, and constraints. Each client is unique, and so every solution must be customised to meet their specific needs.

Understand

  • Understand the client’s business operations and activities
  • Identify their stakes and constraints
  • Gather the client’s needs
  • Clarify the mission

Plan

  • Set up a cybergovernance
  • Identify the stakeholders
  • Assess your current cyber maturity and what remains to be done
  • Draw up an action plan and a roadmap

Implement

  • Implement the relevant solutions, in accordance with the plan and priorities
  • Formalise your cybersecurity processes through documentation
  • Give you the ability to both anticipate and respond
  • Produce meaningful KPIs
  • Give greater overall visibility

Support

  • Strengthen your autonomy regarding cybersecurity
  • Provide any additional information needed
  • Discuss potential new needs
  • Train all stakeholders and raise their awareness

Our approach

Strategy

We guarantee to:

  • Align your cybersecurity strategy with your overall business strategy
  • Define strategic orientations, taking into account the main risks faced by your company and its level of cyber maturity
  • Raise awareness among top management, and set a budget proportionate to the issues and risks that need to be addressed
  • Anticipate innovation, and become a business enabler
  • Ensure the effectiveness of your sourcing strategy, and define a Human Resource Planning process regarding the cybersecurity sector

Governance

  • Propose a cybergovernance system that is consistent with the company’s organisation and supports the transformation of the digital space
  • Implement a comitology surrounding data governance
  • Drive the strategic roadmap and strive to achieve your key objectives
  • Define the roles and responsibilities of every stakeholder involved in the protection of informational assets
  • Ensure legal and normative compliance
  • Set up a coherent ISS frame of reference (general policy, specific procedures and processes, etc.)
  • Set up controls and promote continuous improvement

Operational and Transformational Aspects

We dedicate ourselves to steering the business and IT departments in improving operational security, especially in the following areas:

  • Integrating security-by-design when handling new projects or RFPs
  • Conducting risk analyses and audits
  • Becoming ISO 27001 certified
  • Ensuring GDPR compliance
  • Promoting cyber innovation
  • Building Business Continuity and Recovery Plans

Awareness and trainings

  • Ensuring that the cybersecurity training plan is consistent with the HRP strategy
  • Ensuring that awareness sessions’ frequency and level of detail are adapted to your specific security stakes.

KPI reporting and monitoring

  • Define, produce, and analyse KPIs
  • Produce dashboards
  • Provide support in decision-making

Strategy

  • Align the cybersecurity strategy with the company’s overall strategy
  • Define strategic orientations, taking into account the company’s main risks and its level of cybersecurity maturity
  • Raise awareness among top management and secure a budget proportionate to the stakes and risks to be covered
  • Anticipate innovation and act as a business enabler
  • Ensure a relevant sourcing strategy and define a Human Resource Planning process for the cybersecurity sector

Governance

  • Propose a cybergovernance that is consistent with the company’s organisation, to support the transformation of the digital space
  • Contribute to implementing a comitology surrounding data governance
  • Drive the strategic roadmap and ensure that key objectives are achieved
  • Define the roles and responsibilities of the various stakeholders involved in protecting informational assets
  • Ensure compliance
  • Draw up the ISS frame of reference (general policy, topic-specific policies, …)
  • Drive control and improvement actions

Operational Excellence

  • Define the cyber-resilience organisation and ensure the security of operations
  • Ensure that security is integrated into projects and digital initiatives
  • Draw up the operational cybersecurity frame of reference (security level of the IT service catalogue, security notes, processes, procedures and tooling)
  • Sponsor and drive security programmes
  • Support GDPR compliance for the company and its major projects

Awareness and Training

  • In line with Human Resource Planning, ensure that specific cybersecurity training needs are taken into account
  • Provide appropriate, recurring cybersecurity awareness for everyone who has access to the information systems

Transformation

Support business and IT departments in securing their programmes, particularly in the following areas:

  • Industrial information systems
  • Technological innovations (IoT, AI)
  • Critical connectivity

Discover some of our success stories

TRANSPORT SECTOR
Assistance in Managing ISS Activities

VONA assisted its client in the management of ISS processes (covering 11 functional departments, 600 applications, and 170 projects per year).

PUBLIC SECTOR
Securing of a Major Sporting Event

VONA helped its client prepare for a major sporting event and ensure overall security.

FINANCIAL SECTOR
Implementation of Security by Design in Agile IS Projects

VONA provided advice to its client on setting up agile cybersecurity processes.