Frequently Asked Questions

We transform cyber risks from business inhibitor to a growth enabler.

CYRIS360

Switch to {language}?

At Cyris360, we have developed the Cyber Risk Framework (CRF), a modular framework designed to support businesses in addressing their cybersecurity challenges, in 3 steps:

This pillar focuses on understanding your organization's unique context, by performing a gap assessment, followed by a roadmap with one or muliple work product(s) to reach the desired outcome.

Governance

This pillar is about delivering the work product(s) and creating measurable improvements that build a more secure and resilient IT environment and increased staff awareness.

Implementation

This pillar focuses on maintaining cybersecurity resilience in day-to-day activities. This ensures the long-term sustainability of your cybersecurity efforts, as your business evolves.

Operations

Our methodology

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

404 - Page Not Found

This course equips participants with the knowledge and skills to plan, implement, and manage an Information Security Management System (ISMS) based on ISO/IEC 27001. It covers risk management, controls, and practical implementation strategies to ensure compliance and continuous improvement.

PECB - ISO/IEC 27001 Lead Implementer

Focused on auditing principles and practices, this course prepares professionals to conduct internal and external audits of an ISMS against ISO/IEC 27001. Participants learn how to assess compliance, identify gaps, and report findings effectively.

PECB - ISO/IEC 27001 Lead Auditor

An introductory course on the NIS2 Directive, providing a clear overview of its scope, requirements, and impact. It helps organizations understand their obligations and the fundamentals of strengthening cybersecurity resilience.

PECB - NIS2 Directive Foundation

The programme is delivered in two interactive sessions of two hours each and ensures that board members meet their legal obligations. Led by experienced experts, the session focuses on how NIS2 affects governance, accountability, and risk management at the strategic level.

DNV - NIS 2 Boardroom Session

The CISM certification is of value for professionals who wish to deepen their knowledge in information security and are responsible for managing or implementing information security programmes.

ISACA - Certified Information Security Manager (CISM)

CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at ISC2.

ISC2 - Certified Secure Software Lifecycle Professional (CSSLP)

This course introduces the ISO/SAE 21434 framework for managing cybersecurity risks in road vehicles. It covers key concepts such as threat analysis, risk assessment, and secure development across the automotive lifecycle.

Automotive Cybersecurity Professional ; ISO/SAE 21434

A customized introduction to ISO/IEC 27001 designed to match your organization's context. This workshop builds foundational understanding of information security principles, roles, and responsibilities, helping employees recognize risks and contribute to a strong security culture.

ISMS Awareness Workshop

Cyris360 Academy

Our academy offers a variety of cybersecurity courses, covering GRC topics, including general awarenss workshop, ISO/IEC27001 standard and NIS2, as well as secure software development lifecycle and threat modeling.

What courses are included in the Cyris360 Academy ?

Securing the Internet of Things (IoT) is essential as these technologies become integral to critical infrastructure and manufacturing processes. The ETSI EN 303 645, EN 18031, EN 17927 and ISO/IEC 27402 standards focus on the security requirements of IoT devices, providing a foundation for assessing vulnerabilities and ensuring compliance with recognized protection profiles. These frameworks highlight the need for layered defense strategies, secure device provisioning, and continuous monitoring to mitigate threats such as malware propagation, unauthorized control access, and data exfiltration.

Secure IoT - Cyber Resilience Act (CRA) Compliance

As AI transitions from pilot to production, security must be integrated into every stage of the lifecycle. Our Secure AI Lifecycle service ensures your AI/ML deployments are resilient against emerging threats, privacy risks, and adversarial attacks. We bridge the gap between innovation and security, ensuring compliance with international benchmarks and industry best practices.

Secure AI Lifecycle

As electric vehicle (EV) adoption accelerates, the cybersecurity of EV charging infrastructure becomes increasingly critical, particularly given the integration of communication protocols like ISO 15118 and OCPP 2.0.1. ISO 15118 enables secure, automated communication between EVs and charging stations, supporting features like Plug & Charge and encrypted identification, while OCPP 2.0.1 facilitates backend interoperability between charging stations and management systems. Both frameworks rely heavily on robust cryptographic mechanisms to ensure authentication, data integrity, and confidentiality.

Secure EV Charging Stations (EVCSs)

Cybersecurity has been a hot topic over the past few years as hackers continue to find ways to exploit vulnerabilities within vehicles. As automakers begin to implement vehicle-to-everything (V2X) communication systems, they also face challenges with cybersecurity. The V2X technology allows cars to communicate with each other, as well as with surrounding environment and exchange information, without human intervention. This type of system could potentially save lives when used properly; however, there are risks involved.

Secure Automotive Engineering

Threat-led penetration testing (TLPT) is a security assessment that simulates real-world cyberattacks, using the actual tactics, techniques, and procedures (TTPs) of threat actors to test an organization's resilience. Unlike traditional penetration testing, which often focuses on known vulnerabilities, TLPT uses threat intelligence to create a targeted and realistic scenario designed to test defenses against sophisticated adversaries and identify weaknesses in people, processes, and technology.

Penetration Testing & Conformity assessment

Cybersecurity Engineering

Our Cybersecurity engineering focuses on ensuring a product is secure and reliable from its initial design and development phases through to its end-of-life (EOL). With the increasing reliance on connected devices such as vehicles, smartphones, IoT, and critical infrastructure systems, security becomes crucial. These devices often operate in non-trusted environments and, if compromised, can be used to launch attacks or facilitate coordinated cyber threats like DDoS attacks.

What is included in the Cybersecurity Engineering service offering ?

We provide tailored Management system implementation for our client, helping them navigate the evolving regulatory landscape and build operational and cyber resilience. We support the implementation of internationally recognized standards such as ISO/IEC 27001 for information security and ISO 22301 for business continuity. We also offer support with the implementation of NIST Cybersecurity Framework (CSF) v2.0, as well as TISAX ISA requirements for automotive suppliers.

Management System Implementation

We offer regulatory compliance support designed to address the technical challenges associated with the implmentation of NIS2 (Cbw) regulatory requirements, including ICT risk assessments, third-party risk management, incident response readiness, and regulatory reporting obligations<br/> Furthermore, we assist financial entities like banks, investment firms, and insurance companies, as well as ICT third-party service providers in scope of DORA regulation, to protect critical services, maintain client' trust, and meet the expectations of regulators and stakeholders alike.

Compliance Support

A Fractional Chief/Technical Information Security Officer is an outsourced cybersecurity expert that provides a bundle of information security management services to help client organizations develop and implement security policies, manage vendors, vulnerabilites, risks, and ensure compliance with industry regulations. Fractional CISO/TISO is particurarely suited for small and medium businesses that want to benefit from experienced cybersecurity professionals without the overhead of a full-time CISO/TISO.

Fractional Chief/Technical Information Security Officer

Internal Audit is a mandatory requirement for most management systems. But for many organizations, it becomes a "check-the-box" exercise done by internal staff who are often too close to the daily operations to see the cracks. This is why savvy leaders outsource their internal audits. Here's the "External Consultant" advantage: <br/>1. True Objectivity: We have no internal politics or biases. We call out risks exactly as they are. <br/>2. Specialized Expertise: While your team focuses on engineering or operations, we focus 100% on the standard and current threat landscape. <br/>3. Fresh Eyes: We spot the "blind spots" that have become invisible to your team over time.

Internal Audit

Governance, Risk and Compliance

Our GRC offerings include the implementation of Information Security Management Systems (ISMS), and CISO as a Service, for various sectors including Energy, Healthcare, and IT service providers. From gap assessments and risk analysis to policy development, and audit preparation, we deliver tailored support for achieving compliance with information security regulations such as the NIS2 and DORA.

What is included in the Governance, Risk and Compliance service offering ?

Our MDR service provides continuous, expert-led monitoring and threat response across all endpoints and your corporate network. We combine advanced detection technologies with human-led analysis to identify suspicious activity in real time and take rapid action to contain and mitigate threats. This service enhances your organization's security posture by ensuring that cyberattacks are detected early and responded to effectively—24/7.

Managed Detection and Response (MDR)

Our CSPM service safeguards your cloud infrastructure by continuously monitoring configurations, access controls, and workloads for vulnerabilities, misconfigurations, and compliance risks. We help you maintain a hardened cloud environment through automated assessments, prioritized remediation guidance, and ongoing security governance. This service ensures that your cloud operations remain secure, compliant, and resilient as your environment evolves.

Cloud Security Posture Management (CSPM)

Our specialized vulnerability management service for Industrial & Medical IoT edge devices addresses the unique security challenges of connected hardware in sensitive environments. We provide end-to-end oversight—from automated asset discovery and firmware security analysis to risk-based prioritization—ensuring your ecosystem remains resilient against evolving cyber threats. We identify critical vulnerabilities in both legacy and modern hardware while strictly minimizing operational downtime. Our approach moves beyond simple scanning to deliver actionable remediation strategies tailored to the clinical environment, directly safeguarding patient safety, data integrity, and continuous regulatory compliance.

Vulnerability management for Industrial & Medical IoT devices

Our SOC as a Service provides a unified, full-spectrum security operations capability that covers endpoints, corporate network, and cloud infrastructure within a single managed offering. With 24/7 monitoring, detection, threat hunting, and rapid response, our team acts as your dedicated Security Operations Center. This service integrates telemetry across your entire environment, enabling coordinated detection and faster, more accurate response to complex attacks—delivering enterprise-grade security without the cost or complexity of building your own SOC.

Security Operation Center as a Service (SOCaaS)

Managed Security Services

Protecting today's digital environments requires more than point solutions—it demands continuous visibility, expert oversight, and strategic leadership. Our Managed Security Services provide end-to-end protection across endpoints, cloud environments, connected devices, and security operations. From proactive threat detection to compliance-ready asset visibility and 24/7 monitoring, we deliver enterprise-grade security without the overhead of building it in-house. All services can be delivered individually or bundled with our CISO as a Service (vCISO) offering—providing strategic leadership, governance, risk management, and security roadmap alignment to ensure your technology investments support business objectives and regulatory requirements.

Why Managed Security Services Matter?

Our Cybersecurity Engineering services embed security directly into your development and operational lifecycles. We integrate security from the design phase through deployment, reducing vulnerabilities in your applications. We also ensure CRA (Cyber Resilience Act) compliance, helping you build robust and resilient digital products that meet upcoming regulatory requirements for connected devices.

We empower our clients to leverage the immense potential of Digital Transformation, while effectively managing the inherent risks that come with Digital Technologies. Thus, enabling you to accelerate your business-growth safely and efficiently.

Our GRC (Governance, Risk, and Compliance) consulting services help your organization establish robust frameworks to manage information security. We guide you through the complexities of standards like ISO27001 for implementation and audit preparation, ensuring your systems meet international best practices. Additionally, we assist with NIS2 and DORA compliance, helping you navigate new regulatory landscapes to protect critical infrastructure and digital services.

With our Managed Security Services, you gain continuous protection without the overhead. We offer Managed Detection and Response (MDR), providing 24/7 threat monitoring, detection, and rapid incident response to keep your business secure. Our Cloud Security Posture Management (CSPM) ensures your cloud environments are configured securely, identifying and remediating misconfigurations before they can be exploited. 

Our services

Cyris360 was founded in 2023 with a focus in cybersecurity governance, risk management, and secure software development. In early 2026, we launched our Academy in partnership with Bluedragon Security and Security Academy (A DNV Company). Furthermore, we're founding member of Securos.eu — a collaborative network designed to bring together diverse skill sets and decades of accumulated experience.

Saber Ferjani

Paolo Carner

Alexia Ronda

Ilyess Benaicha

Kağan Gökbayrak

Aziz Zribi

Our team

Hannes Wyss

Anton Fedorov

Anonymous

Herman Greeven

Craig Knox

At Cyris360, we help our clients with clarity and confidence. Here's what sets us apart:

We focus on what matters most. By streamlining processes and eliminating unnecessary complexity, we deliver results quickly and make the most of your budget and resources.

Efficient

We bring the best of both worlds: strong technical expertise and real-world, hands-on experience. This combination allows us to understand your challenges deeply and craft practical, high-impact solutions.

Proficient

CYRIS360 is trusted by global brands, including:

Our value proposition

With consistently high client satisfaction and long-standing partnerships, we've built a reputation for delivering on our promises and acting as a dependable advisor in every engagement.

Governance, Risk and Compliance

What is included in the Governance, Risk and Compliance service offering ?

Forms:

Partners:

Trust:

‎