White papers

Cybersecurity

The Airbus Approach for Cyber Security in the Rail Sector

The rail sector is shifting to a new paradigm of digitalisation to bring in efficiencies to counter the increased demands of travelling passengers and goods transport, while ensuring the highest safety and security of the infrastructure. To achieve this goal, Rail Operators have adopted modern systems combining IT and IoT technologies. Digital transformation strategies within the Rail sector include more connectivity for Industrial Control Systems (ICS), increasing their exposure and potentially making them more vulnerable and exposed to cyber-attacks.

Download
Cybersecurity

SOC 4.0 – Managed Security Services

Why a SOC service is needed? A Security Operations Centre (SOC) is defined as a combination of experts, tools and processes to help prevent, detect, analyse and evaluate security risks. A SOC will also coordinate and monitor the remediation of security incidents in Information and Operational Technology infrastructure.

Download
Cybersecurity

Risk and Compliance two complementary approaches

Companies face multiple risks. Knowing how to manage and take risks is part of the daily life of a CEO or an entrepreneur. Cybersecurity risks are among the most complex to manage. They prove to be systemic due to the latest digitization trends and they evolve as fast as the attackers.

Download
Cybersecurity

A security model for distributed critical systems

This document presents a security architecture model for critical, distributed systems. As a model, it is a good tool to simplify analysis on complex systems, and is useful both in assessing existing systems, where divergence from the model points to probable security issues, and building new systems, where fitting in the model guarantees past experience is taken into account.

Download
Cybersecurity

Approaches for applying MITRE ATT&CK framework in EBIOS RM Operational Scenarios

This study explores different approaches for using MITRE ATT&CK (a knowledge base of past security incidents) as a risk identification technique, within the frame of EBIOS RM (a security risk assessment methodology). It discusses the relevance of these approaches, and of the overall use of MITRE ATT&CK for risk assessment.

Download