BTS Internships

Support of a security audit based on ISO 27002:2022

Tom EBOKOLO ( Promotion: BCYB24 )

Company: NC3 - Luxembourg House of Cybersecurity

122, rue Adolphe Fischer, L-1521 Luxembourg

Contact: Dominique KOGUE
Email: Dominique.kogue@nc3.lu
Phone: 274 00 98 635

Description:
The project will focus on developing a structured questionnaire to support the execution of a security audit aligned with ISO 27002:2022. The objective is to translate the standard’s controls and recommendations into clear, practical questions that enable organizations to assess their information security practices effectively. The questionnaire would be designed to cover key domains such as access control, risk management, asset protection, and incident response, ensuring comprehensive evaluation and consistency throughout the audit process. Ultimately, the questionnaire will serve as a practical bridge between the theoretical framework of ISO 27002:2022 and its real-world application in organizational audits.

Tools:
Developing a questionnaire to support a security audit based on ISO 27002:2022
Reviewing the standard
Get familiarized with its structure, as well as the key stages involved in a security audit.

Period: 1774828800 – 1781827200

Tutor: Denis KORAC

Tags:
BCYB24 Compliance Governance Security Audit

Development of penetration testing tools and scenarios

Dany LISTE MONTEIRO ( Promotion: BCYB23 )

Company: NTT Data

89D, rue de Pafebrouch, L-8308 Capellen

Contact: Romain HILBERT
Title: TS Implementation Engineer (L4)/Tech Lead
Email: romain.hilbert@global.ntt
Mobile: +352 621 371 663
Phone: +352 204 108 09

Description:
Durant plusieurs missions NTT DATA doit utiliser des simulations d’attaques autorisées sur un système informatique pour évaluer sa sécurité.
Nous devons utiliser les mêmes outils, techniques et processus que les attaquants pour trouver et démontrer les impacts commerciaux des faiblesses d’un système. Les tests d'intrusion simulent généralement une variété d’attaques qui pourraient menacer une entreprise.
Le rôle consistera à construire tous les outils nécessaires pour réaliser un scénario de pentest.

Tools:
Acquérir des connaissances sur les sujets spécialisés suivants :
- Questions et solutions relatives à la sécurité des systèmes d’information
- Construire un environnement de laboratoire dans le Cloud Azure ou Amazon (ESX) via Terraform
- Choisir les outils de pentest
- Déployer et mettre en pratique ces outils dans des environnements expérimentaux
- Définir un scénario d’attaque (Playbook)

Period: 1743984000 – 1750982400

Tutor: Marc LUDWIG

Tags:
BCYB23 Cloud Security PENTEST Penetration Testing Red Teaming Security Audit

General cybersecurity security audit and élaboration of a basic security governance

Noah BARTOCCI ( Promotion: BCYB21 )

Company: Sudcal SA

11, rue de Luxembourg, L-4220 Esch-sur-Alzette

Contact: Luca DORIGO
Email: luca.dorigo@sudcal.lu
Phone: +45 42588998

Description:
Sudcal is a very small company that only recently started prioritizing digitalization. So far, we had relatively few resources to dedicate to ensuring compliance with security best practices.
The student will help assess the infrastructure we have already set up, and will contribute to addressing specific gaps in the security.

Tools:
The student's time will be distributed amongst the following four tasks, depending on our progress at the time of his internship and on his own preferences as to where to focus most efforts:
• Penetration test, both for our Linux server and for the network of the Boiler (which contains the automata that run our heat network).
• General "security audit"
• enumeration of all hosts and services we have running, review of security holes/bad practices, etc.
• Setting up ’Incident response" procedures
• Assisting in the deployment of our customer-facing website where clients can visualize their consumption, ensuring that they are properly authenticated and cannot gain access to restricted information

Period: 1680480000 – 1687478400

Tutor: Roger KRIES