
Practice areas

Below are our main, though not exclusive, areas of expertise and experience.

IT Security

Our skills

The Custax & Legal team has been strengthened with specialists in information systems and cyber security. In addition, preferential partnerships have been set up with experts to respond to specific requests for assistance.

Information Systems & Cybersecurity

  • Raising awareness and providing training in the requirements and best practices (e.g. ISO 27002, 29100, SGDSN, etc.) relating to the IT environment
  • Securing workstations, nomadism, the network and the administration of the entire IT perimeter
  • Designing, implementing and managing projects aimed at reinforcing the security of systems and data.
  • Assisting with the drafting and implementation of internal security procedures
  • Steering projects to secure information systems
  • Implementing applicable security standards (RGS ANSSI, CLUSIF, ENISA, NIS2, etc.)
  • Addressing the specific nature of SaaS, ES Cloud solutions, etc. in the management of intangibles. 
  • Initiating “Zero Trust Network Access”, “Cloud Access Security Broker” approaches …
  • Ensuring compliance with the regulatory obligations of “Security & Privacy by design”
  • Supporting specific certifications, e.g. HDS, DORA, “Infrastructure provider” …
  • Working closely with the technical teams to resolve security problems
  • Working with the teams in charge of suppliers to ensure the alignment of their services with security requirements.

Information Systems Governance & Risk Analysis

  • Helping to optimise/organise or set up an ISSM or CISO
  • Outsourced ISSM or CISO function
  • Issuing the requirements and recommendations needed to ensure the security of the company’s information systems and data protection.
  • Drawing up and deploying IS policies, in particular Information Systems Security Policies (ISSP), and ensuring that they are applied by all stakeholders
  • Auditing and identifying threats and risks in order to correct identified flaws and vulnerabilities
  • Assessing cyber risks and impacts on IT resources and projects
  • Assessing and analysing in depth the risks associated with information systems and data protection
  • Assisting with regulatory security audits of IT resources
  • Keeping a regulatory and technological watch to anticipate developments requiring adjustments to security strategies
  • Setting up approval committees (e.g. ii901)

Resilience

  • Cyber defense strategies, prevention (Data Leak/Loss Prevention), monitoring (Security Operation Center)
  • Drawing up and reviewing business continuity and crisis management plans
  • Resilience review:
    • maintaining the information system’s virtual infrastructure in operational condition
    • maintaining the information system’s application hosting platform in operational condition
    • administering and operating the information system containing controlled/regulated data

Security & Privacy by design

  • Auditing project management in relation to IT security
  • Supporting the deployment of dedicated frameworks depending on the data to be protected (CSA, ISO27005, ISO27018, TOGAF, Zachman, etc.)
  • Conducting PIA personal data protection studies
  • Proposing agile methodologies for taking security into account in projects
  • Reviewing security and business continuity clauses in customer and supplier contracts.

Crisis Management

  • Identifying crisis or pre-crisis situations in relation to residual risks
  • Training in crisis management
  • Setting up and running a crisis management unit using the company’s resources
  • Reporting to and interfacing with the authority with regard to reporting obligations

Our experience

Our information systems experts have extensive experience in implementing compliance with applicable requirements (Interministerial Instruction 901). They also know how to support compliance with directives and standards.

  • Ability to understand both the business challenges and the specificities of the security of a company’s information, flows and physical installations
  • Method of change management
  • Assistance with ISO standards and regulatory compliance
  • Training and advice on crisis management and dedicated audits

Would you like to call on our firm?