Public sector
Pragmatic and compliant cybersecurity support for local authorities and public bodies
1. Public Information Systems Security: Audit, Compliance, and ISS Strategy. Strengthen the IT security and resilience of your public servers, infrastructure, systems, and networks through IT security audits aligned with ANSSI standards and regulatory requirements: CyberScore, GDPR, RGS, HDS, etc. 2. Public IS Vulnerability Mapping, Management, and Monitoring. Identify, analyze, and secure the exposure of all your IT assets: comprehensive mapping, security level assessment, and technical and organizational measures. 3. Operational Security and Monitoring: Outsourced/Shared Public SOC and Incident Management. Integrate a dedicated/pooled SOC solution: detection of security incidents, security vulnerabilities, and alerts on shadow IT, business information systems, and connected assets. 4. IT Security Solutions, Encryption, and CNIL/ANSSI Compliance. Benefit from a turnkey solution: cryptography, data encryption, access/password management, GDPR/PGSSI-SA compliance, and regulatory technical documentation. 5. Governance, IT security policies & IT security management for local authorities: Deploy an IT security policy tailored to the public organization: master plan, security master plan, RACI matrix, CIO/elected official reporting, participatory IT security committee/unit. 6. Raise user awareness and create an IT security culture among elected officials and public employees: Train, inform, and engage elected officials, CIOs, employees, and managers with targeted campaigns: e-learning, quizzes, workshops, short documentation, non-technical onboarding. 7. Securing the cloud, connected infrastructures, and digital transformation of public organizations: Harden cloud, SaaS, Azure/OVHpublic, connected objects, hybrid infrastructures: security audits, risk analysis, disaster recovery/business continuity plans, PASSI compliance, PACS, LPM, etc. 8. Managing IT Suppliers, Subcontractors, and Service Providers in a Distributed Public Context: Master shadow IT, vendor risk, and securing inter-municipal/supplier data flows: audit procedures, RGS documentation, and management of information systems security contracts. 9. IT Risk Analysis, Security Policy, and Information Systems Security Reporting Tailored to Local Authorities: Support CIO and management decision-making: methodical risk analysis, CyberScore dashboard, clear reporting, and policies adapted to operational realities. 10. Business Continuity, Disaster Recovery Plans/Business Continuity Plans, and Public Cybersecurity Crisis Management Procedures: Guarantee the continuity and robustness of public service under all circumstances through tailored Disaster Recovery Plans/Business Continuity Plans, incident/crisis procedures, and resource pooling.
Priority sectoral issues
Departments, Regions, Cities, Public Interest Groups, national agencies, institutions: the public sector is on the front line against cyber threats. Yet, budget cycles, organizational complexity, regulatory obligations, and the diversity of IT systems make security difficult to manage without structured support.
Protecting administrative and user data
Civil registry, HR, urban planning, social services, GIS, etc.
Consolidating heterogeneous IT environments
Business software, Cloud, legacy systems
Responding to targeted cyberattacks
(ransomware, double extortion) SOC, EDR, PCA applications
Comply with sector-specific obligations
CNIL, ANS, HDS certification, PGSSI-S framework
Managing service providers in open management structures
Managed services, local publishers, multiple IT services companies
Create an information security culture within management
General managers, IT directors, HR managers, elected officials: all involved at their level
What this course allows you to pilot
Strategy & Governance
Proposed actions
Adapted information systems security plan, security master plan, RACI matrix for information systems security, committees
Business value
Structuring governance without over-administering
Risks & Compliance
Proposed actions
Application mapping, CNIL compliance, CyberScore, PGSSI local authority
Business value
Knowing where to act, with which levers, and at what cost
Architecture & SecOps
Proposed actions
AD + Cloud review (Azure, Office, SaaS business solutions), access hardening
Business value
Identify exploitable vulnerabilities without a complete overhaul.
Cyber Defense Operations
Proposed actions
Outsourced or shared SOC, EDR for critical workstations
Business value
Providing rapid detection even without internal resources
Incident & Crisis
Proposed actions
Quick reference guides for IT/DGS, incident management kit, single point of contact
Business value
React quickly without disrupting management or staff
Resilience
Proposed actions
Business continuity/disaster recovery plan for local authorities, offsite backup, business dependencies
Business value
Maintaining operations without a complex IT plan
Cyber culture
Proposed actions
Awareness-raising for elected officials, staff, and managers; visual aids and quizzes
Business value
Mobilize without dramatizing, channel the right reflexes
For whom?
Local authorities (municipalities, departments, regions, inter-municipal bodies)
Public institutions and state or decentralized agencies
Actors in education, culture or local development
Organizations managing public service delegations (DSP), public interest groups (GIP), public project management assistance (AMO), or citizen data
Course Content Public Sector
- Quick questionnaire on security level / Cloud / key applications
- Existing Information Systems Security/GDPR Documentation Review
- Alignment with political and civic priorities
premium services
- Strengthening the protection of systems essential to citizens
- To raise awareness of cybersecurity among elected officials and management
- Preparing for tomorrow's regulatory obligations (CyberScore, NIS2)
- Establishing clear governance even in a distributed organization
- Managing security within sustainable means
A pedagogical, practical, and aligned approach
Use Cases
Situation encountered
- Multiple interlocutors
- The documentation is too technical.
- Absence of SOC
- Lack of on-the-ground acculturation
- Low visibility SSI
Our contribution
- Cultivate a coordinated management approach based on role, not on job title.
- Produce deliverables that are politically understandable.
- Establish a credible, shared detection system
- Raising awareness without overwhelming, using targeted short formats
- Gathering the right indicators at the right time to make informed decisions
Practical details
Duration
4 to 12 months depending on the area (municipality, urban area, GHT…)
Delivery method
local support, shared or via public procurement
Areas covered
MS365, public business software, Active Directory, Azure/OVHpublic Cloud
Secure your public procurement with Intrinsec's UGAP-approved expertise
Intrinsec, listed with UGAP (F31076), offers a turnkey solution for acquiring compliant security solutions, without a tendering procedure, up to €100,000.
Benefits
Guaranteed conformity
Solutions aligned with the public procurement code and ANSSI requirements (PASSI LPM/RGS, PRIS, PACS)
Increased efficiency
Simplified procedures for urgent projects (cybersecurity, IT system modernization)
Dedicated expertise
Security assessment including an ANSSI audit, a configuration compliant with the RGS (General Security Repository) with documentation, and the drafting of technical clauses (encryption, disaster recovery plan, GDPR) for the tender documents.
Cost pooling
Pre-negotiated rates through UGAP to optimize your budget
Ready to Strengthen Your Cybersecurity?
Don't let threats catch you off guard. Discover how our program can secure your organization.
