Cybersecurity and cybercrime
Cybersecurity
- Identification of the applicable legal and regulatory framework (GDPR; NIS 2; REC; DORA; MICA; Military Programming Act (LPM), etc.);
- Identification of high-risk processing activities (GDPR) and high-risk practices (AI Act): compliance reports and impact assessments (legal, operational, insurance, contractual, and reputational);
- Design and implementation of Information Systems Security Policies, IT charters, business continuity and recovery plans, IT service incident management policies, access and authorization management policies, and procedures for data backup, anonymization and pseudonymization;
- Reporting of incidents/breaches and support during inspections by regulatory authorities (CNIL; ANSSI; ARS; ACPR);
- Advice and assistance regarding personal data protection and GDPR violations.
Cybercrime
- Cyberattacks/ASTAD; ransomware (compromise, encryption, theft, and fraudulent sale of data on the dark web (doxing), extortion (cyber-racketeering));
- Digital scams and fraud (CEO fraud, fake bank advisor scams (spoofing), phishing, pharming, crypto-jacking, romance scams, and pig-butchering);
- Cyberbullying (revenge porn; “social media mob attacks”; damage to online reputation (fraping), with or without the use of artificial intelligence (deepfakes)); identity theft;
- Cyberspying.
