Risk analysis. 500‭ checkpoints to strengthen our defences


The use of networks or applications connected to the Internet exposes the company to the risk of hacking, diversion of information, destruction of vital company data.


ARPOS® is a risk analysis tool created to obtain a view of risks and the means to reduce them. This tool was created in the Talsion company, and it is based on a critical review of the following repositories :

  • SPRINT – Simplified Process for Risk Identification
  • ISO 27002 – International Standard Organisation
  • UFC – Unified Facilities Criteria DoD
  • Hardening guides from editors and manufacturers

This critical approach of the documents presented above has been reinforced by the experience acquired by our company within the audits we’ve performed for our customers for many years.

ARPOS® was modelled to create a custom tool tailored to the constraints commonly found at the heart of information systems and businesses.

Perimeter Description
Application a set of softwares will be evaluated along different areas, ranging from technical milestone backups to software hardening.
Réseau (Network) the architecture and the global barrier will be assessed. In addition, the configuration of certain key elements will be performed.
Physical the key processes and physical protection measures created in order to protect the information system, equipment, and sensitive data will be analysed.
Organisational a sample of the main procedures related to the functioning of the information system will be analysed.
System key operating systems will undergo an analysis to discover their security levels, their porosity, as well as their update levels.

Thus, more than five hundred checkpoints will develop an inventory of the different facets of the security of the analysed company’s information system.

Reports :

ARPOS report of risk analysis, risk visualisation tools

Maturity :

This mission was created in‭ 2013 and is in the standardization phase today.


Remarks :

The ARPOS® risk analysis tool does not allow us to obtain a detailed overview of risks that may exist in a targeted perimeter. In fact, its objective is to highlight various potentially dangerous risks within the analysed company, in a short time with a controlled budget.