 |
Club de la Sécurité de l'Information Français
Bienvenue au Clusif !
Accès membres |
Evénements en région |
Informations légales |
|
ClusifClub de la Sécurité de l'Information Français
clusif@clusif.asso.fr / +33 1 53 25 08 80 / 11, rue de Mogador 75009 Paris
Adresse de cette page : http://www.clusif.asso.fr/en/clusif/present/index.asp
Le Clusif
Productions
Services
RSS/docs CLUSIFWelcome to CLUSIF website
CLUSIF (Club de la Sécurité de l'Information Français), created in 1984, is a not for profit organization allowing professionals dealing with information security (including IT security) to meet, exchange their opinions, work and progress together.
CLUSIF, based in France, is open to contributions and membership from all over the world.
CLUSIF's objective is to welcome IT security staff (CISO, etc.) together with security product and service suppliers and other interested parties. The spirit of CLUSIF is based on mutual exchanges between its members irrespective of their professional role (supplier or “user”). CLUSIF adds contacts on information security with similar organizations , either cross-national (e.g. the CLUSIx in Europe) or regional instances (CLUSIR)
CLUSIF contributes to Information Security education, improvements and awareness via publications resulting from the activity of its work groups, market studies or public conferences and meetings. Most of the documents resulting from these actions are offered to public on this site, including some technical studies translated to English.
CLUSIF also initiates regularly public studies on Cybercrime and security policies.
An important contribution of CLUSIF to the management of Information related risks is provided by the risk assessment and reduction
method MEHARI,
built around a comprehensive set of modules, tools and questionnaires. MEHARI is distributed under the Open Source principles.
MEHARI 2007 has been heavily downloaded (above 15 000 times) from more than 110 countries and has been used for ISMS process establishments and
certifications, it allows appraising organizations relatively to ISO 27001/27002 control objectives.
It is still possible to get the English versions of MEHARI
2007 knowledge bases and documentation.
MEHARI knowledge base and documentation are provided by CLUSIF in English,
translations to other languages are also available thanks to voluntary contributions.
MEHARI 2010 answers to ISO/IEC 27005:2008 guidelines and can check the compliance of organizations for their ISMS process. It includes,
directly in the knowledge bases, the formulas of the method for the direct assessment of the risks and valuation of the ways to reduce them.
Individuals and organizations interested in developing their activities through the use of MEHARI are invited to contact CLUSIF (e.g. for the
translation of documents and knowledge bases, return of experience or the development of additional tools) for advice or assistance and referencing.
Technical studies
| CYBERCRIME | ||
|---|---|---|
Cybercrime Overview - 2009 
2010 | EN |  PDF |
|
Cybercrime Overview - 2008
2009 | EN | PDF |
|
Cybercrime Overview - 2007
2008 | EN | PDF |
|
Cybercrime Overview - 2006
2007 | EN | PDF |
|
Cybercrime Overview - 2005
2006 | EN | PDF |
|
Cybercrime Overview - 2004
2005 | EN | PDF |
|
Cybercrime Overview - 2003
2004 | EN | PDF |
|
Cybercrime Overview - 2002
2003 | EN | PDF |
|
Cybercrime Overview - 2001
2002 | EN | PDF |
| WHITE PAPERS | ||
|
Web application security: managing web application security risks
2010 | EN | PDF |
|
Business Continuity Plan - I.S. Strategy and recovery solutions
2004 | EN | PDF Abstract |
|
Wireless networks: threats, advantages and safeguards - english version
2003 | EN | PDF |
| RISK MANAGEMENT | ||
|
Risk Management, Concepts and Methods
2009 | EN | PDF |
| INFORMATION SYSTEMS THREATS AND SECURITY PRATICES IN FRANCE | ||
|
Information Systems Threats and Security Pratices in France - Year 2008
2008 | EN | PDF |
|
Losses Study - Year 2003
2003 | EN | PDF |
| METHODS | ||
|
MEHARI 2010: Risk analysis and treatment Guide
2010 | EN | PDF |
|
MEHARI 2010: Changes from previous versions
2010 | EN | PDF |
|
MEHARI 2010: Processing guide for risk analysis and management
2010 | EN | PDF |
|
MEHARI 2010: Security Stakes Analysis and Classification Guide
2010 | EN | PDF |
|
MEHARI 2010: Fundamental concepts and functional specifications
2010 | EN | PDF |
MEHARI 2010 : Overview (Arabic) 
2010 | AR | PDF |
MEHARI 2010 : Overview (Chinese) 
2010 | CN | PDF |
MEHARI 2010 : Przeglad 
2010 | PL | PDF |
MEHARI 2010: Überblick 
2010 | DE | PDF |
MEHARI 2010 : Introduccion 
2010 | ES | PDF |
|
MEHARI 2010: Evaluation Guide for security services
2010 | EN | PDF |
|
MEHARI 2010 : Overview (English)
2010 | EN | PDF |
|
MEHARI 2007 : Introduction (Arabe)
2008 | AR | PDF |
MEHARI 2007 : Introduzione alla metodologia 
2008 | IT | PDF |
MEHARI 2007 : Ghid de analiza a riscului 
2008 | RO | PDF |
|
MEHARI 2007 : Privire Generala
2008 | RO | PDF |
|
MEHARI 2007 : Ghid de serviciile de securitate
2008 | RO | PDF |
|
MEHARI 2007 : Analiza mizelor de joc
2008 | RO | PDF |
|
MEHARI 2007 : Concepte si mecanisme
2008 | RO | PDF |
|
MEHARI 2007 : Handbuch Risikoanalyse
2007 | DE | PDF |
|
MEHARI 2007 : Introduccion
2007 | ES | PDF |
|
MEHARI 2007 : Knowledge bases
2007 | EN |  ZIP |
|
MEHARI 2007 : Evaluation Guide for security services
2007 | EN | PDF |
|
MEHARI 2007 : Security Stakes Analysis and Classification
2007 | EN | PDF |
|
MEHARI 2007 : Risk Analysis Guide
2007 | EN | PDF |
|
MEHARI 2007 : Concepts and Mechanisms
2007 | EN | PDF |
|
MEHARI 2007 : Overview
2007 | EN | PDF |
|
MEHARI 2007 : Überblick
2007 | DE | PDF |
|
MEHARI : Flier
2005 | EN | PDF |
Association loi de 1901
11, rue de Mogador 75009 Paris
+33 1 53 25 08 80