IS and IT security strategy

Assisting CIOs, CISOs and CTOs in the digital transformation and security of companies by accelerating traditional decision-making cycles, systematically integrating feedback from the field and combining functional, technical and security expertise.

Master plans and roadmaps

  • IS: application & data strategy
  • IT: move to Cloud, ATAWAD strategy, infrastructure redesign
  • ISS: security strategy, implementation of ISP, transformation of governance and evolution of security models

IT & ISS project management

  • Market studies, business cases
  • Marketing of the ISD, definition of services
  • RFP, RFI, RFQ, RFP SOC, RFP SD-WAN...

Maturity, compliance & performance analysis

  • IS: 360° cyber diagnosis
  • Organization / governance of IT & operational departments (ITIL 4, SAFe, ISO 27001)
  • Compliance (PCI-DSS, ISO27001, HDS, LPM...)
  • Efficiency of DevSecOps models
  • SOC performance

Decision by risk

  • Financial quantification of risk: SPICE methodology
  • Risk analysis: EBIOS RM methodology

The offers

IT Transformation Strategy / roadmap and business case

Objective

  • Aligning IT projects with business challenges
  • Anticipate and understand the technological evolution of the market
  • Formalise and prioritise projects
  • Gain visibility (medium and long term)
  • Frame IT budgets (CAPEX / OPEX)
  • Estimate the capacity to execute (resources and skills)

Approach

The team in charge relies on the technological watch carried out within the firm and on its good knowledge of the market players

  • Understanding of needs and analysis of the existing system
  • Definition of evolution scenarios - Target
  • Roadmap of IT projects
  • Business case and preparation of IT budgets (TCO)
  • Projection of business transformation

Market watch: state of the art / RFI / RFQ

Objective

  • Aligning IT projects with business challenges
  • Anticipate and understand the technological evolution of the market
  • Formalise and prioritise projects
  • Gain visibility (medium and long term)
  • Frame IT budgets (CAPEX / OPEX)
  • Estimate the capacity to do so (resources and skills)

Approach

The team in charge relies on the technological watch carried out within the firm and on its good knowledge of the market players

  • Understanding of needs and analysis of the existing system
  • Definition of evolution scenarios - Target
  • Roadmap of IT projects
  • Business case and preparation of IT budgets (TCO)
  • Projection of business transformation

Conduct of consultation / Call for tenders (RFP)

Objective

  • Controlling and managing the development of its information system and the services offered by the IT department to the Business Lines
  • Define the best sourcing strategy (make or buy)
  • Identify partner(s) capable of supporting the teams over the long term
  • Optimise IT costs

Approach

A structured and comprehensive approach that combines high functional know-how, technical expertise and real operational experience.

  • Analysis of the existing situation
  • Collection of requirements
  • Writing of specifications
  • Support to conduct the RFP and its bidders

Architectural design and project scoping

Objective

  • Control of IT assets
  • Harmonisation of standards
  • Improvement of service quality and security
  • Optimisation of operational efficiency

Approach

Definition of a target architecture taking into account technological developments in the market

  • Analysis of the existing system
  • Collection of needs and analysis of technological developments
  • Definition of target architectures
  • Definition and writing of IT standards
  • Presentation and distribution of the standard

Audit and risk analysis

Objective

  • Anticipating risks before conducting projects
  • Identify existing risks
  • Controlling risks

Approach

A senior team certified and experienced in risk management, able to provide appropriate recommendations

  • Audit
  • Identify risks
  • Analyse, prioritise and evaluate risks
  • Conclusion
  • Recommendations

Marketing of IT offers

Objective

Services based on real experience in the field and a detailed knowledge of technical and financial constraints

  • Responding to the needs of internal customers / business lines
  • Building IT services from the technical building blocks
  • Designing a professional offer with adapted service commitments
  • Defining a coherent pricing policy and anticipating re-invoicing issues

Approach

Understanding the challenges and supporting the IT department's marketing teams

  • Analysis of internal customers' needs
  • Framing and business case for services
  • Designing the Service Offers Catalogue
  • Evolution management of the service offer

Identification of use case data / workshop

Objective

  • Aligning IT projects with business challenges
  • Define and prioritise quick win projects
  • Frame IT budgets (CAPEX / OPEX)
  • Estimate the capacity to perform (resources and skills)
  • Generate value

Approach

The client team and EVA Group experts meet for a workshop to identify and prioritise use cases using a simple and effective approach based on a Serious Game:

  • Study of the existing situation and needs
  • Define the necessary Cloud infrastructures
  • Study including infrastructures / interconnections / HUB
  • Define a service migration approach

Data Project Development

Objective

  • Develop high ROI projects
  • Generate value
  • Develop new services / products
  • Improve operational wins

Approach

Understanding of the needs, then development using a simple and agile methodology:

  • Kick off meeting, study of the existing and the needs
  • Define the project's roadmap
  • Challenge the models
  • Intermediate evaluation

360° cyber diagnosis

Objective

Our Cybersecurity Diagnostic is composed of an organisational and technical analysis to identify information risks, IT risks and assess the level of maturity of the organisation against Cyber risks.

  • 8 control areas
  • ANSSI hygiene guide
  • GDPR
  • ISO 27001/2 best practices

Approach

The team establishes an initial 360° flash diagnosis of the company's security in order to assess the overall level of maturity

  • Mission kick-off
  • Documentary analysis
  • Interviews with IT & ISS managers
  • Formalisation of the findings and associated risks
  • Workshop to share and compare findings
  • Workshop to share recommendations and improvement areas
  • Intermediate report
  • Intermediate presentation

8 areas of cyber control

SPICE

Objective

SPICE is our in-house developed methodology to financially quantify the impact of a cyber attack:

  • Identify cyber risk profiles related to your activity
  • Set up a strategic level decision support
  • Highlight possible attack scenarios

Approach

Assessment of four basic aspects:

  • The specific threats to the company
  • Its maturity
  • The exposure rate to cyber risks
  • Business impact assessment

Overview of offers

Our mission is to protect information assets and to guarantee an efficient IS, serving our Clients' businesses.
We have designed our offers around three pillars with complementary and transversal missions.

Mastering the cyber risks of organisations

Identify, protect, detect, respond and recover

Imagine, build and operate innovative and efficient IS
