Advisory – Fractis S.A.


Fractis has had the honor to serve leading organizations both domestically and internationally. Indicatively these organizations include:

Domestic:

– Shipping companies
– A systemic bank
– Critical infrastructure operators
– Organizations in aviation
– Major law firms
– Major player in the food industry
– Major software companies & IT organizations

International:

– Business process and outsourcing organizations
– Strategic advisory firms
– Law firms
– Investment companies
– Financial infrastructure organizations
– Technology organizations

Trust and privacy are paramount in the work we do, so even the names of our clients are considered sensitive information. Advertising that you are secure only calls for unwarranted attention.

In general, the steps of our approach can be summarized as follows:

  1. Introductory meeting
  2. Identification and analysis of client’s needs
  3. Formulation of the scope of work and key objectives
  4. Preparation of a proposal
  5. Discussion and agreement of the proposal
  6. Insertion of proposal in services agreement and signatures
  7. Execution of the services agreed
  8. Follow up after the termination of the services provided
  9. Ongoing support based on your needs

Standards:


– ISO/IEC 27001: Information security management system standard.
– ISO/IEC 27002: Code of practice for information security controls.
– ISO/IEC 27005: Risk management for information security.
– ISA/IEC 62443: Requirements for implementing and maintaining electronically secure industrial automation and control systems (IACS).
– NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations (used in the U.S. government).
– Standard of Good Practice for Information Security (SOGP): Business-oriented information security guidelines developed by the Information Security Forum (ISF). Available only to ISF members and eligible associated organizations.

Frameworks:


– NIST Cybersecurity Framework: The guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology.
– HCAA: The implementation of the Hellenic Civil Aviation Authority’s framework to the entities it regulates.
– COBIT (Control Objectives for Information and Related Technologies): A framework for the governance and management of enterprise IT.
– CIS Critical Security Controls: A set of best practices designed to help organizations prioritize and implement cybersecurity measures.

Guidelines:

– ENISA Guidelines: The European Union Agency for Cybersecurity provides various guidelines on cybersecurity topics.
– SANS Critical Security Controls: A set of best practices to enhance the cybersecurity posture of an organization.
– Cloud Security Alliance (CSA) Security Guidance: Guidelines for securing cloud computing environments.

A high-level overview of our approach:

  1. Gap analysis – Our specialized professionals meticulously conduct a gap analysis against your designated standard, framework, or regulation. If you are uncertain as to what benchmark is most impactful for your organization, we conduct a preliminary assessment to identify the right standard, framework or regulation that best meets your objectives.
  2. Provision of findings and recommendations – Following the comprehensive gap analysis, we provide targeted and detailed recommendations for every identified gap or finding while accounting for each organization’s available resources.
  3. Prioritization of recommendations – Understanding that each organization has unique needs, we prioritize the recommendations, offering short-term tactical wins and long-term strategic objectives. This prioritization is crafted to align with your risk tolerance and available resources, ensuring that you achieve both immediate improvements and long-term goals. We aim to empower your organization with a clear, actionable pathway to heightened security and compliance.

Co-sourcing: We flexibly augment your capabilities in the provision of internal cyber security and IT functions, integrating the specialists and technologies you need in your organization to perform the services or tasks you require. This middle ground between in-house and full outsourcing fosters the transfer of knowledge and expertise: by sharing responsibilities and making decisions jointly, you not only achieve your objectives, but we also jointly skill up our teams as they learn from one another. This mode of collaboration strategically leverages the strengths of our respective personnel and is ideal for organizations which want a more hands-on approach.

Outsourcing: We assume and execute the functions, tasks, and responsibilities with which you would like to increase your capabilities. After careful scoping and determination of reporting requirements and lines, you can then focus on your primary objectives with peace of mind. This allows you to obtain access to specialized technologies, skills and competencies in a cost-effective way that is flexible and scalable. This mode of collaboration tactically augments your available resources and is ideal for organizations that want a more hands-off approach.

  1. Long term: Over long periods of time with tactical involvement, often decreasing in duration over time. The required duration usually lessens over time because greater effort is needed in the beginning to put structures in place and streamline efforts, and because economies of scale come with involvement and time.
  2. Short & medium term: A limited period, either in the short or medium term, until operations or infrastructures are streamlined and fine-tuned.
  3. Ad-hoc: To tackle specific projects or engagements.
  4. On-the-job skill acquisition: Until internal staff are trained or until the conditions are ripe to hire suitable profiles.

Several factors play an important role in determining the right technological solution in any organization.

– Clear identification of the problem to be solved or objective to be met.

– Thorough assessment of the context in which the technological solution will be implemented. This analysis includes:

  – the way you operate as an organization.
  – your human resources and their skill level.
  – other technologies you may have in place.

– Required investment vs increase in protection.

The end goal is to find the right technological fit for your organization.

While antivirus software remains an essential component of cyber security, relying solely on it can leave even the most basic organization vulnerable to modern threats. It offers limited protection, as it is only effective against known malware strains and is unable to face zero-day attacks and exploits of unknown vulnerabilities.

Furthermore, modern cyber threats such as ransomware, the most imminent threat to most organizations, can easily bypass traditional antivirus software in most cases. Finally, given that its focus is on endpoint protection, it is unable to adequately defend your networks or cloud infrastructures.
