Expertise engineering

We are pure players in cybersecurity. Our team of experts therefore delivers a top-quality engineering service, in line with the business constraints of our corporate customers.

Since our inception, we have chosen to devote our cyber expertise to a few areas of business, including critical and embedded systems.

We are therefore very much aware of all of your business constraints and apply them to every step of the support process, whatever your needs.

We have created Skills Centres in order to ensure responsiveness and relevance when choosing our engineers, for the missions you entrust to us.


Our skill centers: vacancies per sector

Benefiting from our Skills Centre means having the best profiles in our various divisions, according to the context of your business. We have a multi-skilled team (hacker, functional, risk analysis, architecture, developers, CDP, etc.) dedicated to your project. The benefits: we mobilise the right skills at the right time for you; our top professionals are made available to you; your project is well-structured; and we work very closely with your team.

AERONAUTICS AND AIR TRAFFIC CONTROL

Security by Design and assessment of critical air navigation infrastructures and systems, and securing aircraft components within the framework of their certification.

DEFENCE AND SPACE

Our Centre of Expertise and Excellence makes multidisciplinary engineers available to players in the space sector, capable of meeting the specific needs of the sector in terms of the accreditation of systems, ground segments and cybersecurity (GNSS and EGN).

FORENSIC

Our Computer Forensic Laboratory houses all the tools and skills necessary to manage security incidents and to file complaints.

HEALTH AND PUBLIC SECTOR

We support health care facilities in their GDPR compliance and achieving ISO 27001 HDS certification, in line with the priority of data protection and patient care protection.

AUTOMOTIVE

Risk analysis, securing and assessment of embedded automotive, public transport and cloud components on the specific vehicle.

IOT INDUSTRIAL

Today's R&D department produces tomorrow's tools to improve the security of IoT systems at the level of equipment, connections and cloud backend.

Use cases

Management of the risks and conformity of the information systems is essential when working in numerous industries. It must be systematically implemented and organised to ensure full control of the operations. SCASSI engineers advise you through every step of the process, from diagnostics right through to implementing, inspecting and improving your equipment, in order to ensure they conform with the regulations and your risk management policies.

SCASSI supports you in implementing a security management system through an approach based on the risk analysis.

Our cybersecurity technical skills

  • EBIOS risk analysis on a complete system
  • Risk analysis, definition and processing of security requirements on dual systems (civil/military)
  • Risk analysis on business referentials (e.g. TARA)
  • Compliance with the French Committee for Banking Organisation and Standardisation (CFONB) for online banking systems
  • ISO 27001 HDS certification support
  • Organisational and physical audits
  • Support with designing secure software architecture
  • Performance of “custom” risk analyses or packaged offers
  • Securing the processing of personal data (CNIL, GDPR)
  • Analysis and support for regulatory and normative compliance: ISO 27001, MPL, II901, GDPR, RGS, HDS, PCI-DSS
  • Security process: approval of IS, security in projects, access management, etc.
  • CISO coaching and security policies
  • Security guidance and management (indicators, dashboards, master plans, etc.)
  • BCP and BRP: emergency strategies, steering, crisis management
  • Provision of requirements and security specifications – Business project management support/IT project management support
  • Support towards MPL conformity

Our customers are the best proof...


“SCASSI has contributed significantly to achieving initial ISO 27001 certification for our "Cloud Services" activities, by providing the appropriate advice and expertise for this strategic project.”

Pierre DARPHIN
Cloud Services Department Security & Quality Manager, CEGEDIM ACTIV

The information system is at the heart of the production tool. It is vital to guarantee an optimum protection level to the company and its resources. SCASSI engineers support you in ensuring that the security infrastructures are designed and operated optimally. The objective: to guarantee applications and users a secure and robust communication platform and support the business effectively.

Our cybersecurity technical skills

  • Infrastructure audit
  • Security by Design of business information systems
  • Creation and management of a business-focussed SOC (WINSOC offer)
  • Optimisation of cybersecurity infrastructures (OPTIMIZE offer)
  • Securing of ICS and SCADA architectures and infrastructures (automatons, ModBUS, etc.)
  • II901 conformity
  • Management of vulnerabilities
  • Access control (authentication, rights management, etc.)
  • L2/L3 architecture (high availability, optimisation, etc.)
  • Defence in depth, perimeter security (WAF, Proxy, etc.)
  • Incident monitoring & management (SIEM, logs, alerts, etc.)
  • Laws and regulations

SCASSI engineers assess the resistance of the system and support you in defining and implementing the security requirements for all industrial projects, until the necessary approvals are obtained.

Our scopes of action are business information systems, critical and embedded systems and information systems.

Our cybersecurity technical skills

  • Intrusion tests (PENTEST):
    • Black box, grey box and white box mode
    • From internal infrastructures or from the outside
    • Public information research
  • Code audit (C/C++, PHP, Python, Java, Node.js, etc.)
  • Configuration audit
  • Joint audit (website + mobile application, IOT + management infrastructure)
  • Web domains, applications, systems, critical embedded, IOT, mobile
  • Management of cybersecurity in software development projects
  • Application security and development practices audit
  • Development environment audit
  • Forensic analysis (dead or live), evidence gathering, analysis of the sources of an intrusion
  • Software Vulnerability Analysis (SVA) methodology
  • Designing secure architectures OR cybersecurity embedded/COTS architecture
  • Vulnerability management: COTS mapping (e.g.: AUTOSAR component, Linux Yocto project, etc.), vulnerability flow control
  • Intrusion tests on IS and Product LifeCycle Management applications
  • Cybersecurity support in certification processes (DO-178C, ECSS, ARINC, etc.)
  • Support to secure technologies under Export Control
  • Assessment of vulnerabilities in relation to PCI-DSS
    • State of play and action plan
    • Project management of the roadmap
    • Dry run audit – preparation for the certification audit

STANDARDS USED

  • Common standards: ISO 15408 - CVE/CWE - CAPEC - OWASP - OSSTMM - ISSAF
  • ARINC standards for aeronautics

TECHNICAL ENVIRONMENTS

  • Linux - Windows - C/C++ - PHP - JAVA Tomcat - Apache

Cybersecurity support during projects

We are involved in every phase of your projects


Our customers are the best proof...


“Given their expertise in the field, we have chosen SCASSI to support us in performing intrusion tests on several of our embedded systems.”

Jérôme LEPHAY
Rockwell Collins France


“Scassi has conducted a code audit for us. Using a flexible and results-oriented project method, SCASSI engineers demonstrated their adaptability and ability to come up with proposals. They issued recommendations and conclusions which now constitute a base which can be reused in other activities aimed at improving and securing our applications.”

Christelle BOUFFETY
IT Department Service Manager, CPR SNCF


Our delivery methods

ON-DEMAND SERVICES

IMPLEMENTATION OF FIXED-PRICE PROJECTS

For over 13 years, in order to meet our customers’ requirements, SCASSI has worked on industrialising its processes using different methods: PASSI, Agile… and using different tools on the market (EGERIE) and its own tools (Auditool, GDPR Platform, PASSED), as part of a continuous improvement initiative.
As a trusted third-party, our customers benefit from a standardised framework ensuring better management in order to meet their needs. This industrialised model therefore allows us to capitalise on the services delivered, to standardise them and to benefit from feedback in order to further improve the service provided.
At SCASSI, over 70% of our activities are delivered on a fixed-price basis. We pool certain driving forces on several projects and have real experience of improving the skills of our employees across the various projects.

CENTRE OF EXPERTISE AND EXCELLENCE - SKILL CENTER

At Scassi, our mission boasts a comprehensive approach, including both the technical skills and excellent knowledge of our customers’ professions. To do this, we are structured in the form of a Centre of Expertise and Excellence which enables all the technical/functional skills to be grouped together for each customer's business sector: Defence & Space, Aeronautics, Health & Public Sector, Automotive, Industry.
This structure is a major differentiating factor! Knowledge of each industry's challenges and constraints experienced by our customers allows us to be more relevant and effective in achieving our missions.

TECHNICAL ASSISTANCE

We make the skills of our employees available to our customers in the form of technical assistance: functional, technical, support.