Through experience, we have acquired a vast knowledge of all the different security problems in the market today. They arise directly from the needs and constraints of each of our clients' business functions.
These security requirements are defined through evaluating the risks and opportunities. Security constraints, such as Industry Standards and Regulations, must also be taken into account.
Based on these factors, we have structured our services to deliver a comprehensive approach to your Information Security needs.
LINEON: Your Partner in Security:
Build a durable trust relationship with our clients,
Understand your business context and needs in order to help you meet your objectives,
Work in partnership and exceed your expectations, so that you may remain flexible in your business,
Elicit the best possible solution for you, drawing upon more than 15 years' experience in security gained in a variety of customers and business environments (telecoms, defence, industry, public, finance, …)
To make security contribute to your performance:
Through a relevant analysis of your
Making security contribute to the improvement of your company performance,
With concrete, efficient and innovative solutions,
Giving priority to your investments and economic objectives.
A professional information security expert for over 12 years, Sebastien has built his expertise through several missions with major businesses, whose diverse business challenges have enabled him to understand information security pragmatically while controlling key points of adhesion specific to each business (industry, Telecom, Banking, Defence).
His taste for management and his desire for creativity led him, in 2009, to create the Business Unit Conix Security, through which he contributed significantly to the growth of Conix Services group.
A passionate professional in information security for nearly 10 years, Sylvain was able to develop his knowledge through working with clients to solve issues and problems which were as rich as they were varied (industry, telecom, defence, services). Focusing on quality of service, he delivered solutions in a pragmatic and rational way, with value to the client.
His commitment, sense of service and entrepreneurial desire led him to participate, with Sebastien, in creating Business Unit CONIX Security and to contribute significantly to its development and its excellent performance.
A professional information security expert with 18 years' experience, during his career Olivier has been exploring the issues and problems of information security according to many points of view within various markets: industry, telecoms, defence. This experience has been built on the basis of diverse and enriching tasks to operational aspects of projects or the Information Security Solutions. All this led him to participate with Sebastien in the creation of Business Unit Conix Security where within two years he trained a team of over 25 people, all of whom are now experts in the field of Information Security.
With over 6 years direct experience implementing Information Security within the Armed Forces, Matthew’s career has seen him managing projects, delivering technical solutions and enforcing HMG IT Security Standards in operational and domestic environments both in the UK and Overseas. Most recently, he has worked passionately with deployed medical IT systems, resolving technical and security issues to deliver patient safety and system performance.
One of the main tasks of the CISO is managing the security of the information system. This is developed in accordance with the company’s business strategy to protect the information assets and means of production against any threat, accidental or malicious.
One of the main areas of improving the management of the security activity is the provision of communication. In effect, this enhances the passage of information, in order to facilitate decision making by business management.
The production of these communication elements involves the use of the appropriate tools to obtain information about the current state of security across the system and visualize trends associated with its development.
In most cases, the CISO can already rely on reporting tools or operational supervision. However, these tools are not always able to synthesize the best information for the relevant indicators. Because of the large number of indicators and their highly technical nature, it can become very difficult to communicate effectively with non-security specialists.
Identifying information, qualifying it and defining how it will be organized in order to produce a synthesis suitable for targeted communication is a crucial element in a strategy for effectively controlling information security.
Pitfalls to avoid
One of the points that can hinder the establishment of a panel is that it is often considered necessary to maximize the number of technical indicators. Indeed, it is always more rewarding and reassuring to be able to communicate around a simplified yet mature information model.
Developing a draft implementation of the Dashboard in a continuous improvement approach avoids this pitfall. Even if you do not have all the information possible, hotspots are generally properly addressed either technically or by collecting the opinions of experts. This allows us to produce a first panel, and then to change it over time as the information system grows and matures. One indicator may also be the measure of the level of maturity and its evolution over time.
Our answer to this problem comes directly from our research work on Security Dashboards.
It is based on the following points:
The identification and selection of synthetic security indicators
The mathematical model to produce these synthesized indicators taking into account the transverse aspects of security
Different ways to represent these indicators for aspects of control as well as communication.
A method and tool for managing your business risks.
LINEON offers a pragmatic assessment of risk consistent with business issues because we use the foundation of a successful ISS governance.
Based on the methodologies of ISO/IEC 27005 and ISO/IEC 31000, LINEON has proven expertise in the fields of analysis and management of IT risks.
An understanding of the challenges facing your business,
Discussions with different types of stakeholders (operational, functional, business, top management),
Methodological base which has been internationally validated.
For implementing or auditing the Information Security Management System (ISMS)
Supporting the implementation and execution of ISMS audits within your business
LINEON assists you in the implementation of Information Security Management Systems.
This quality approach of ISS governance enables the company to systematically manage security and ensure it is structured and effective for:
Continuous improvement (PDCA).
Our added value:
A pragmatic approach adapted to the context and means of our customers
The use of risk management expertise as the cornerstone to the approach for a solution
A mastery of normative guides, both generic (e.g. ISO/IEC 27002) and targeted (e.g. ISO/IEC 27011 for the Telecom trades)
ISO/IEC 27001 certified personnel (Lead Auditor / Implementer)
Defence (MOD) and Classified environments
Management, audits or controls for your classified defence environments.
IT management issues in the classified defence environment
MOD procedures and legislation on the management of Protectively Marked material constantly evolve. Unless you conform to the new standards, existing contracts or List X sites could be placed in jeopardy.
LINEON has expertise on these issues, offering the customers concerned:
A thorough knowledge of the relevant HMG IT Security and Information Management policies
Experience in the implementation of secure technical infrastructure
Compliance audits in order to maintain accreditation and fulfil requirements under the regulations in force.
Our added value:
A thorough knowledge of the relevant regulations (CESG standards, JSP 440, etc)
Security Cleared staff (at all levels) with experience working with the MOD and government.
Optimize ROSI (Return On Security Investment) by taking into account the various security elements in your projects and programmes.
We have strong expertise, backed up by our reputation, in delivering an ISS model approach to the underlying issues and, through vast experience implementing the necessary technology, we assist our clients in an « end to end » solution, from the « Build » phase to the « Run » phase of their projects. Through the varied skills of our expert staff we offer solutions adapted to each specific function of your business and the threats it faces.
Whether it be at the heart of your business, or only in support of it, the management information system and especially the security of it plays a more and more crucial role in today’s world.
Your business needs to be on top of current regulatory aspects but also the associated risks that could jeopardize processes, business continuity and, ultimately, your cash flow.
We support you in securing your entire system. Our speciality is the security of information and information systems, but we are also capable of finding the best products for your business and implementing them through our team of experts.
Protecting your corporate network can be daunting in its complexity. We offer your business the ability to rely on our technical resources (backed up with industry qualifications such as Cisco).
We can also accompany you in your day-to-day operations:
The realisation of secure redundancy architecture to ensure high availability as well as fault tolerance.
Application of industry security standards and best practices within your projects (ISO 2700x, etc)
Incident forensics (root cause analysis/identification and action plan proposals)
High level support on main security solutions with the most up to date implementations as guided by industry best-practice or the OpenSource community
You do not have an organic IT Security capability? Being unable to afford your own Full-Time IT Security team does not mean that you will not come up against security issues or compliance obligations during your programmes or projects. We can provide cost-effective assistance to you through the entire Corporate Programme, on specific projects or to specific functions. Whatever your requirement we can help you to define the appropriate sizing or check the consistency of the configuration in relation to your policies and procedures.
Because protecting your corporate network can be as important as it is complex, we offer you the opportunity to rely on us for implementing your technical resources by our staff who are certified by major manufacturers (Cisco CCSP, Fortinet FCNSP, Check Point, etc.).
LINEON offers the expertise of its consultants to resolve your specific issues:
Manage your security equipment (operational maintenance, patch management, administration):
Firewall (Cisco, Fortinet, Juniper, …)
Proxy / reverse proxy/ application proxy
Antivirus and antispam
Authentication Server (Strong authentication, Radius, LDAP, …)
Define the prerequisites and implement IPSec and SSL VPN tunnels (e.g. Fortigate, Juniper Secure Access, OpenSSL, …)
Monitor your network:
SIEM solution (Security Information and Event Management) to trace activities and threats through automated log analysis,
System network flow analysis via IPS / IDS probes (Snort, Cisco, Netasq, Juniper, …)
Post-incident analysis and forensics
LINEON performs audits for its customers, whether they be of a technical, organizational or functional nature, or through a penetration testing approach, with a main objective:
To develop value to your business through audit and analysis of your business risks.
With our expert technicians, LINEON is able to cover all technological environments, such as:
WEB and WEB 2.0
System and network infrastructures
Telecom (data connectivity, IAD/STB, …)
Our added value:
An innovative audit reporting approach that aims to provide:
Action plan prioritisation regarding the identified business risks
Investment justification through a ROSI (Return On Security Investment) assessment
Provide the IT Security stakeholder with feedback to communicate with business entities, top management or the public.
Use of recognised technical and functional ISO standards, in order to assess compliance:
OWASP for the WEB environments
ISO/IEC 19001 for the audit approach formalisation
ISO/IEC 2700X – I.T. Security referential
PCI-DSS (Payment Card Industry – Data Security Standard)
Regulatory framework for classified defence environments (IGI 1300/II 920)
Intrusion testing (Pen-Testing)
The Intrusion Test is designed to test the robustness of the security of the company's information system if it happened to be the target of a real attack, targeted or not.
The consultant in charge of penetration testing will take the approach of a potential attacker to compromise existing security measures in order to exploit the computing resources of the company, or to manipulate or steal information, for example.
Through technical expertise and a technology watch on the latest developments in computer security, the consultant will implement the tools and techniques commonly used by hackers in current or past real attacks.
The major difference with a real attack is the strict observance of the charter signed with the client, including respect for the integrity of the systems specified and strict confidentiality of the information collected. It is, in other words, a « blank » attack allowing the customer to test its security in the real world and proactively, without the risks associated with a malicious attack (lost productivity, information theft, damage to reputation and/or brand, …).
After the penetration test, a detailed report is submitted describing the vulnerabilities discovered and the severity of the impact on the security of the company's information system.
Finally, a set of corrective measures is proposed to return to the expected level of security.
The term Computer Forensics covers the entire process, knowledge and methodologies required to gather evidence, conserve a legal chain of custody and analyse the scene in order to support any legal framework for any eventual lawsuit.
The collection of digital evidence could, for example, lead us to:
retrace the logs of a single machine or a group of machines
analyse data, even if they have been deleted (deliberately or accidentally)
retrace browsing history
find traces of documents, emails, etc.
Legal procedures can be difficult; we support and assist you on site for all of these investigations.
We can also work upstream of these procedures in order to avoid doubts. For this, we use digital evidence to foresee and report issues. This allows the board or relevant managers to make the right decision.
Real-world example: Eliminating doubt in an investigation about illegal downloading.
By comparing several search strings, it was possible to trace the navigation of the suspected person (even though he thought he had cleared the browser cache), as well as the images he had erased and those he had hidden in a partition on his work laptop. The establishment of the evidence and the expert report allowed the company to take the necessary measures.
LINEON accompanies large groups in their information security policy.
The 2013 edition of the Symposium on Security of Information Technology and Communications, which takes place on the campus of the southern suburbs of the University of Rennes, annually brings together major players in security and enthusiasts who come to share and exchange on the subject.
The 2012 edition of the Symposium on Security of Information Technology and Communications, which takes place on the campus of the southern suburbs of the University of Rennes, annually brings together major players in security and enthusiasts who come to share and exchange on the subject.