ORNISEC is a leading company in the field of aviation cybersecurity. Its consultants, based in France and Morocco, work with the IT and technical departments of airports and airlines to strengthen their level of resilience in terms of cybersecurity and to comply with the legal and regulatory framework for the protection of aviation infrastructure. With several dozen airports and airlines supported in France and internationally, ORNISEC has extensive expertise in the air transport sector. This expertise allows us to offer pragmatic and tailored support to solve the most complex cybersecurity challenges facing the airline industry today.
ORNISEC offers a complete range of services in the field of information systems cybersecurity for the aviation sector:
Services for solution providers in the airline industry:
Upstream phase: Elaborate a roadmap and a commercial argument
- Carry out security audits on your products
- Carry out a study of the compliance of your products with airport regulations (3CF, PART-IS, NIS Directive, LPM, 2015/1998, etc.) - Elaborate the regulatory compliance file for each product
- Develop a risk analysis for each product
- Write a Security Assurance Plan (SAP) for each product - Business case
- Write your security policy
Development phase: Guarantee a robust security level of the developed products
- Implementation of a security integration process in the development cycle of your products
- Implementation of an automated audit to verify the security level of the code internally
- Training of developers in secure development best practices
- Implementation of a process for maintaining the security of your products once they are deployed in production
- Verification of security levels after correction
Presale phase: Assist you in demonstrating to your customers a good mastery of their cybersecurity issues
- Participation during the presale to the writing of a file of answers to cybersecurity requirements (of the customer and regulatory)
- Participation in the various exchanges with customers during the presale phase
- Carrying out cyber discussions with the client in consultation with your teams
- Assist the customer to understand the regulatory issues and how your products can help them on the subject
Operations phase: React quickly and effectively in the event of a cyber crisis to control the incident and limit the damage:
- Assist your teams in the event of a cyber crisis
- Provide cyber forensic expertise for the management of security incidents (analysis, correction, remediation, communication with the client, etc.)
- Development of a post-incident remediation action plan to avoid the reproduction of incidents
Services for airports/airlines:
Audit
- Architecture audits
- Configuration audits
- Code audits
- Penetration tests
- Audit qualified PASSI of the ANSSI (In the process of qualification with CERTITRUST)
Consulting
- Elaboration of security policies & procedures
- Security expertise & integration
- Security risk management
- Security certification
Compliance
- LPM compliance
- RGPD compliance
- NIS Directive Compliance
- ISO27001 Compliance
- HDS Compliance
- RGS compliance
- DGAC regulations
CISO and DPO assistance (SSI)
- Managing operational security
- Implementing the security policies
- Security expertise
- Reporting and monitoring of projects
- CISO coaching
- Realization of the PIA - RGPD
Training & Awareness
- Awareness: Program, Phishing, Workshops, MCQ
- Training: CISO, S&R Administrator, industrial team, developer and project manager.
Cybersecurity crisis management
- Preparation: BCP/ERP, Procedure (incident, crisis)
- Exercise: Cybersecurity crisis simulation
- Response: Forensic, Incident Response
References:
Airport solution providers :
- RESA, SMITHS DETECTION, OMNITECH, DETEKTIN, DAIFUKU,
Airports: (+40 airports in France, Canada, Africa)
- Montreal Airport : cybersecurity consulting and auditing
- Nice Airport : cybersecurity consulting and auditing
- Guadeloupe Airport : CISO assistance
Airlines : (+5)
- Transavia
- Air Austral
- Air Calin
- ASL AIRLINES