Secure

Overview

The design of an information system inevitably begins with an analysis of the existing setup and associated risks. This step includes an assessment of the company's needs and helps identify the essential assets to protect, allowing the definition of an Information System Security Policy (ISSP). An architecture for the information system can then be defined and deployed, meeting the previously established security requirements. The human factor is the main risk factor, so staff awareness and training are essential. Moreover, attacks are increasingly common and sophisticated, so it is important to rely on existing methods and standards, comply with the legal framework, and regularly update the security policy.

Scenario

Example scenario:

• Analysis of the existing system and study of security needs for a small organization
• Evolution and compliance update of a company's information system

Key Components

• CE 1.01 | by choosing appropriate network solutions and technologies
• CE 1.02 | by respecting the fundamental principles of IT security
• CE 1.03 | by using a rigorous approach to troubleshooting
• CE 1.04 | by complying with business rules
• CE 1.05 | by ensuring technological watch

Critical Learning

• AC 24.01Cyber | Know and use cybersecurity best practices and recommendations
• AC 24.02Cyber | Implement fundamental tools for securing a network infrastructure
• AC 24.03Cyber | Secure services
• AC 24.04Cyber | Choose cryptographic tools adapted to the functional needs of the information system
• AC 24.05Cyber | Know the different types of attacks
• AC 24.06Cyber | Understand technical documents in English

Related Projects

Here are the SAE projects that required the skill of administering networks and the internet:

• SAE 1.02: Introduction to computer networks
• SAE 1.05: Data processing