Learn more about our expertise in cybersecurity

As an independent consultancy, VONA rises to meet your cybersecurity challenges. Our consultant cybersecurity specialists provide you with support and guidance in establishing or improving your cybergovernance, with the aim of reducing your risk levels and protecting your data capital.

Cybersecurity as a business enabler

We firmly believe that cybersecurity is a matter concerning each and every one of us.

The twin objectives behind our approach are therefore to guide functional departments in building a cybergovernance strategy that is specific to their business, and to raise user awareness of the issues.

We consequently think that cybersecurity must be a business enabler.

Control over risk, a major challenge

It is now an established fact that the likelihood of companies being attacked and suffering substantial harm is increasing significantly and regularly.

The question is not if they will be targeted, but when, how often and what the consequences will be.

This situation, which will only get worse, is the direct result of:

  • the ease with which malware and malicious payloads can be obtained and used
  • the increasing technical sophistication and ingenuity of attacks, enabling defences to be breached
  • the ever-greater professionalism of attackers, now conducting targeted, large-scale attacks
  • increased regulatory pressure (GDPR, eIDAS, France’s military planning law (LPM) identifying IS of vital importance, etc.)

VONA's expertise

We also firmly believe that control over these risks can only be achieved by implementing efficient, pragmatic and appropriate cybersecurity governance.

This cybergovernance has to identify, coordinate and manage the technical and organisational resources allocated to this area to:

  • Protect, anticipate and prepare
  • Detect, understand and assess
  • Respond, act and communicate
  • Recover, learn and improve

All of this quite naturally requires staff, functional personnel and top management who are knowledgeable and properly trained, because we must not forget that cybersecurity is a matter concerning each and every one of us.


Our working method varies according to our assignment

Each business and organisation needs to apply cybersecurity measures that are appropriate to its own particular structure and the challenges it faces.

In this regard, then, the first thing we have to do is understand the customer, and understand their business, their challenges and their constraints. Every customer is unique, and every solution is therefore necessarily different, to match the individual customer.


  • Understand the customer’s line of business
  • Understand their challenges and constraints
  • Understand what the customer requires
  • Understand the assignment at hand


  • Put cybergovernance in place
  • Identify key stakeholders
  • Separate what already exists from what remains to be done
  • Build an action plan and a roadmap


  • Implement by following the plan
  • Produce the cybersecurity documentation reference base
  • Be proactive and responsive
  • Provide visibility
  • Produce KPIs


  • Help you become self-sufficient
  • Provide any additional information needed
  • Collect any new requirements
  • Inform, train and raise awareness

What we offer


  • Align your cybersecurity strategy with the overall strategy for the business
  • Set strategic orientations taking due account of the main risks the business faces, and its maturity level as regards cybersecurity
  • Raise top management’s awareness and allocate a budget in proportion to the challenges to be met and risks covered
  • Anticipate innovation and play a role as a business enabler
  • Develop an appropriate sourcing strategy and build a cybersecurity jobs and skills plan


  • Propose cybergovernance that fits with the business organisation, to support the transformation of the digital space
  • Help to implement data governance procedures
  • Navigate the strategic road map and ensure key objectives are achieved
  • Define the roles and responsibilities of the various stakeholders in protecting data assets
  • Ensure compliance
  • Build an IT security reference library (general policy, specific policies on various subjects, etc.)
  • Conduct audits and manage improvements

Operational aspects and transformation

Support and guide functional departments and IT in improving operational security, including the following areas:

  • Include security-by-design when specifying invitations to tender
  • Risk analysis and IS security audit
  • ISO Certification
  • Ensure GDPR compliance
  • Cyber innovation (Security days)
  • Business continuity and disaster recovery plans

Inform, train and raise awareness

  • Ensure that specific cybersecurity training requirements are included, consistent with the jobs and training plan
  • Deliver appropriate recurring cybersecurity briefing sessions

KPI reporting and monitoring

  • Define, produce and analyse KPIs
  • Build dashboards
  • Provide management and decision support



Operational excellence

  • Define the cyber-resilience organisation and ensure the security of operations
  • Ensure that security is integrated into projects and digital initiatives
  • Build the operational cybersecurity reference base (security level of the IT service catalogue, security notes, processes, procedures and tooling)
  • Sponsor and steer security programmes
  • Support GDPR compliance for the business and for major projects

Awareness and training

  • Consistent with the jobs and skills plan, ensure that specific cybersecurity training needs are taken into account
  • Provide appropriate, recurring cybersecurity awareness for all groups with access to information systems


Support functional departments and IS in securing their programmes, particularly in the following areas:

  • Industrial IS
  • Technological innovations (IoT, AI)
  • Critical connectivity

Read some of our cybersecurity success stories

Transport sector

VONA assisted its customer with management support for information systems security (spanning 11 functional departments, 600 applications and 170 projects every year).

Public sector

VONA assisted its customer with management support for a project to provide security for a major sporting event.

Finance sector

VONA advised its customer on setting up a process to ensure security was built into agile IS projects.