Cyber Awareness & Best Practices

How to test & improve your cyber resilience

Be prepared at all times

Securing information is far from being a technical issue for an organisation.

Risk analysis

Risk analysis

Depending on its size and its security needs, organisations must react in the most appropriate manner. Adopting good practices, taking the necessary measures and adjusting them proportionally: all this is part of the process to ensure information security. Most of all, it depends on performing a risk analysis on a regular basis.


CASES has developed an optimised analysis method (MONARC) to produce a comprehensive risk report, with suggested solutions. This method:

  • thoroughly evaluates the risks involved
  • determines their level of criticality
  • describes the possible consequences for your organisation. It is based on CASES expertise and regularly updated prior knowledge of the business processes used within your professional organisation.

Method summary:

  • Risk Analysis Context
  • Trends Evaluation
  • Threat Assessment
  • Synthesis of the trends and threats assessment
  • Context of the risk management
  • Definition of assessment criteria, acceptance and impact

  • Identification of assets, vulnerabilities and impact appreciation
  • Synthesis of assets / impacts

  • Estimation, evaluation and risk treatment
  • Management of plan for risk treatment

  • Management of the implementation plan for risk treatment

Security policy

Security policy

To make your organisation more cyber resilient, the security policy is used to formalise and coordinate all organisational and technical security procedures of the organisation.

The security policy should contain a set of good practices (ISO/IEC 27001 and ISO/IEC 27002) and risk assessment.

An ongoing process

Safeguarding an organisation is an ongoing process that is implemented based on security measures, evaluated in Impact the most feared, threats the most likely and vulnerabilities the most important.
This process involves the following steps:

This first step aims to correctly define the scope and context of the future system. It must also make it possible to identify and evaluate risks to develop a management plan. (It cannot, however, replace the risk analysis that must be done beforehand.)

The realisation step consists mainly of applying the security policy created in the previous step. Organisational and technical measures are put in place, behavioural measures are applied by staff.

The evaluation systems must have been described in the safety manual. The goal is to ensure that the procedures put in place work as intended. These evaluations can be of several types:

  • regular audits done as part of daily activities;
  • automatic controls performed with software tools to create reports;
  • comparison with other organisations;
  • carrying out planned formal audits (‘risk assessment’);
  • revision by the management.

If evaluations and controls reveal inadequacies in certain procedures, corrections must be made.

The actions that will have been decided in the previous step will have to be implemented, i.e.:

  • at the level of the security system itself, for example by appointing a (new) person responsible for all or part of the system;
  • at the level of the operational procedures which will have been deduced, for example by the implementation of a different data backup procedure;
  • at the tools level, such as the purchase of an antivirus tool.

Cyber Threat Intelligence

Cyber Threat Intelligence

Besides making a risk analysis and creating a security policy, organisations should also have a cyber threat intelligence (CTI) capability to address cyber threats effectively. Cyber threat intelligence is any type of information an organisation may use to understand the threats targeting or may target the organisation in the future.

A group of developers from CIRCL, with the help of many other contributors, has developed a threat intelligence sharing platform as free software/open source.

MISP - Open Source Threat Intelligence and Sharing Platform

MISP allows organisations to share information such as threat intelligence, indicators, threat actor information or any kind of threat which can be structured in MISP.
MISP users benefit from the collaborative knowledge about existing malware or threats. The aim of this trusted platform is to help improving the counter-measures used against targeted attacks and set-up preventive actions and and improve automated detection.

Test to improve your cyber maturity

Whether it is a self-assessment or an assessment conducted with the help of a professional, test your information security maturity, data protection compliance, the efficiency of your contracts with ICT service providers, and your response to threats & incidents.

Assess your maturity level

Assess your maturity level

Evaluate your cybersecurity maturity in order to enhance your cyber risk protection.

Use Fit4Cybersecurity, a self-assessment tool, as a first step of a more thorough assessment: Diagnostic CASES.

Test yourself

Start here, fill out this free, 13-question questionnaire to find out in minutes about the status of your information security maturity level.

Improve your cyber maturity

Based on your answers, you may read valuable recommendations on how you

can improve your cybersecurity awareness in the future.

If you meet a score of 65 out of 100, a CASES Diagnostic could be done for free by one of our CASES Cybersecurity experts.

Assess your contractual relationship(s)

Assess your contractual relationship(s)

Identify the general scope of the contractual relationship, in order to set up an acquisition, a lease, a development or any other service in the field of information and communication technologies.


Fit4Contract is a self-assessment tool that provides a list of basic information security requirements that are recommended to be considered in establishing the contractual relationship.

Test yourself

Check your contracts with this free self-assessment tool if you have information security concerns when working with external suppliers.

Improve your contracts

Identify your cybersecurity and data privacy concerns to negotiate and make better contracts with your suppliers.

Based on your answers, you receive a list of basic information security requirements, advised for establishing a good contractual relationship.

Develop your cyber reflexes

Develop your cyber reflexes

Don’t wait until it’s too late. Experience a real life disaster and prepare your team for the next “cyber crisis”, now.

ROOM#42 is a cyber incident crisis simulation, hosted by C3 Luxembourg.

Test your cyber readiness

Take part in this one-hour realistic cyberattack simulation with a maximum of seven other participants and learn how to react to cyberattacks with the help of professionals.

Improve your skills against a cyber attack

Develop your cyber reflexes during a simulated cyberattack.

Remember that one of the cornerstones of proper defence and prevention is coordinated cooperation and quick and correct decision-making.

Penetration Testing - training

Penetration Testing - training

Test your system from the attackers’ point of view

Learn to attack your network before others do. Offensive security is also a mandatory ability nowadays.

Improve your security mechanisms

This course will help security professionals to see the corporate network from the attackers ’perspective and select the necessary security mechanisms.

Protect your data

Protect your data

Before implementing protective measures, you should carry out at least a summary classification exercise over the data your organisation processes. This classification is important to gain an awareness of the true value (confidentiality, integrity and availability) of the data. Depending on its value, with regard to the expected impact, if data becomes compromised, you will be able to decide on the investment to set aside for data security.

Different types of data should be protected:

  • intellectual property
  • manufacturing secrets
  • client data
  • process data, such as logistical, accounting, supplier data, etc

Coming soon: Fit4Privacy

CASES experts have developed Fit4Privacy, a new tool that will allow you to self-assess your privacy & data protection maturity level. This new self-assessment tool will be released soon.