Context
After a late-detected intrusion attempt, the executive management of an insurance company commissioned a full security assessment covering infrastructure, business applications, team practices, and compliance with CIMA and data-protection requirements.
The challenge
Obtain an honest view of real exposure, beyond paper audits; prioritize remediation within a constrained budget; and build momentum for continuous improvement rather than producing yet another report left in a drawer.
Our approach
- 01 External and internal penetration tests (network, web applications, targeted social engineering) under strict confidentiality agreements.
- 02 Configuration review of servers, endpoints and network equipment against CIS Benchmark hardening baselines.
- 03 Risk-prioritized remediation plan: 12 workstreams ranked by impact versus effort, tracked by a monthly steering committee.
- 04 ISO 27001 foundations: security policy, privileged-access management, tested backups, and an exercised incident-response plan.
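To make the configuration-review step concrete, here is an added example (not the consultancy's or the client's tooling) of how a baseline check is typically built: a declarative list of expected settings, a parser that computes the effective configuration, and a comparison that produces severity-ranked findings ready for the remediation plan. It checks an OpenSSH server configuration against a small illustrative subset of CIS-style recommendations (root login, password authentication, MaxAuthTries, and so on); the sample sshd_config, the rule titles and the severity labels are constructed for the example, and the defaults table reflects OpenSSH's documented defaults for absent directives.

```python
"""Configuration review against a hardening baseline: sshd_config example.

Added example, not the consultancy's or the client's code. The baseline is an
illustrative subset of CIS-style sshd recommendations; the sample config is
constructed for the example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    key: str              # sshd_config directive (matched case-insensitively)
    expected: frozenset   # acceptable lower-cased values
    severity: str         # high / medium / low, used to rank findings
    title: str            # wording in the style of a CIS recommendation


# Illustrative baseline subset (titles constructed for the example).
SSHD_BASELINE = [
    Rule("PermitRootLogin", frozenset({"no"}), "high",
         "Ensure SSH root login is disabled"),
    Rule("PasswordAuthentication", frozenset({"no"}), "high",
         "Ensure SSH password authentication is disabled"),
    Rule("PermitEmptyPasswords", frozenset({"no"}), "high",
         "Ensure SSH PermitEmptyPasswords is disabled"),
    Rule("X11Forwarding", frozenset({"no"}), "medium",
         "Ensure SSH X11 forwarding is disabled"),
    Rule("MaxAuthTries", frozenset({"1", "2", "3", "4"}), "medium",
         "Ensure SSH MaxAuthTries is set to 4 or less"),
    Rule("LogLevel", frozenset({"info", "verbose"}), "low",
         "Ensure SSH LogLevel is INFO or VERBOSE"),
]

# OpenSSH documented defaults, applied when a directive is absent. A review
# that only looks at explicit lines misses weak defaults such as
# PasswordAuthentication yes.
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
    "loglevel": "info",
}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_sshd_config(text: str) -> dict:
    """Return the effective global directives as lower-cased key -> value.

    Two sshd semantics that reviewers often get wrong are modelled here:
    the FIRST occurrence of a directive wins (later duplicates are ignored),
    and everything after a 'Match' line is conditional, so parsing stops there.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        effective.setdefault(key, value)   # first occurrence wins
    return effective


def review(config_text: str, baseline=SSHD_BASELINE) -> list:
    """Compare the effective config with the baseline; return ranked findings."""
    effective = parse_sshd_config(config_text)
    findings = []
    for rule in baseline:
        key = rule.key.lower()
        explicit = key in effective
        actual = effective[key] if explicit else SSHD_DEFAULTS.get(key)
        if actual not in rule.expected:
            findings.append({
                "severity": rule.severity,
                "title": rule.title,
                "directive": rule.key,
                "actual": actual,
                "source": "explicit" if explicit else "default",
            })
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


# Constructed sample, not a real host's configuration.
SAMPLE_SSHD_CONFIG = """\
# constructed sample for the example
Port 22
LogLevel INFO
PermitRootLogin yes
MaxAuthTries 6
X11Forwarding no
# this later duplicate does NOT override the first occurrence above
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for f in review(SAMPLE_SSHD_CONFIG):
        print(f"[{f['severity']:6}] {f['title']} "
              f"({f['directive']}={f['actual']}, {f['source']})")
```

Run against the sample, the review reports three findings: root login explicitly enabled (the later `PermitRootLogin no` is ignored because sshd honours the first occurrence), password authentication left at its default of `yes` (the `no` inside the `Match` block applies only to that user), and `MaxAuthTries 6`. Producing findings with a source of "explicit" or "default" is what lets a remediation plan distinguish a deliberate weak setting from an unreviewed default.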
Results
Critical vulnerabilities were closed within the first 90 days. Twelve months on, the company has had no major incident, has passed its ISO 27001 readiness audit, and now uses its security posture as a selling point with large accounts.