Excellium Services develops partnerships with Citalid and AugmentedCISO to help organizations manage and control their cyber risks, in line with their threat landscape & ecosystem. 

As the threat landscape changes, organizations must constantly adapt to address the most feared cyber risks in light of contextual and ecosystem changes, including supply chain issues, and IT transformation projects (cloud outsourcing, DevSecOps). 

This exercise, which has historically been difficult, becomes even more complex when CISOs must also be able to demonstrate the added value of the projects previously carried out on their Board and justify the investments required to continue building their security foundation and aligning with the security controls framework. 

When it comes to managing security initiatives and monitoring the roadmap, the need to demonstrate compliance with legal and regulatory obligations (NIS2, DORA) adds a few more pebbles to an already complex process.

To respond to these issues, Excellium has developed an approach that addresses three major challenges:

1- Managing cyber risk and business consequences through financial risk quantification.

2- The centralisation of security management within a unified security control repository with reporting on security performance.

3- The agility needed to manage risk in business projects, especially those involving the supply chain.

Managing information security risks is not new, but innovation in the approach to assessing cyber risks tends to integrate a new deal: the quantification of cyber risk. The main objective lies in the ability to give a monetary view of the risk, by estimating the financial loss for a given risk scenario, by exploiting objective and factual data.

To do this, Excellium relies on a unique methodology and access to an information base (Cyber Threat Intelligence Database) updated daily allowing it to have, for a given organization, the most up-to-date threat landscape. possible (threats, hacker groups, fashionable operating methods, sector news, etc.). A centralized cyber risk management platform (Citalid) is thus used for this exercise.

Johann Alessandroni, Team Leader of Information Security Governance at Excellium Services, explains: “This approach allows any organization to be able to identify its most feared risk scenarios, with an estimate of their probability as close as possible to reality, as well as average financial losses, thus making it possible to prioritize the projects reducing these estimated losses and optimizing the return on security investment.” 

This new approach allows any organization to be able to manage its risks, including those related to the supply chain, but also to initiate remediation actions by integrating them into the security roadmap of the organization (integrated in AugmentedCISO) and finally to monitor and evaluate the organization's security posture over time.

It is now possible to address major issues for organizations, the added value is increased tenfold by the interweaving and the link between the solutions and functionalities of our partners, thus making it possible to:

- Determine the defensive security profile in Citalid to manage cyber risks via, in particular, the management of the level of maturity of security controls determined in AugmentedCISO.

- Manage the security roadmap, linked with the risk treatment plan, and assess the impact on the cyber risks.

- Evaluate the service providers on the basis of the security controls applicable with regard to the nature of the service and directly collect the results in the AugmentedCISO platform, ultimately influencing the cyber risk scenarios linked to the supply chain in the Citalid platform.

Source : Excellium Services