
IT Governance / Security Risk
Structure. Supervise. Anticipate. Information system management, asset mapping, risk management, security reporting and compliance. We support you in building governance aligned with your business challenges, the GDPR and ISO standards.
Why implement an information security governance centered on ISO 27001, NIS2, and the Microsoft ecosystem (Azure & Microsoft 365)?
Issues | Managed Risks | Tangible Benefits |
---|---|---|
Regulatory Alignment | Non-compliance with ISO 27001 or NIS2 | Successful audit, trust of clients & authorities |
Access Protection | Account takeover, data leaks | MFA and Conditional Access enforced across the tenant |
Rapid Incident Detection | Attacks that go unnoticed, long response times | Native SIEM/SOAR: Microsoft Sentinel (formerly Azure Sentinel) with automated alerting |
Unified Vision | Scattered security projects | Single dashboard (Secure Score + Power BI KPIs) |
Cost Optimization | Redundant on-prem tools | Adoption of the managed services already included in your M365/Azure licenses |
Our simplified method in 3 steps
Step | Objective | Key Deliverables |
---|---|---|
1 — Diagnose | Assess the gap against ISO 27001 & NIS2 and the current use of Azure/M365 | • Maturity score • Account & license mapping • Top 10 gaps |
2 — Structure | Establish Microsoft security foundations | • Information Security Policy • Roles & RACI • MFA plan, Conditional Access, Azure RBAC |
3 — Manage | Monitor & continuously improve | • KPI dashboard (Secure Score, Sentinel incidents) • Internal audit planning • Phishing awareness program |
Each phase includes a support session so that your teams know how to manage the tenant on their own.
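The "MFA adoption" KPI tracked in step 3 is usually read from the Entra ID authentication-method registration report rather than from Secure Score alone. The script below is an added example and not a BubbleStone deliverable: it assumes the Microsoft.Graph.Reports module is installed, that the signed-in account may consent to the AuditLog.Read.All and UserAuthenticationMethod.Read.All permissions, and that the 95% target is a hypothetical threshold to be replaced by the value agreed in the Information Security Policy.

```powershell
# Added example, not BubbleStone's own script: compute the "MFA adoption" KPI
# from the Entra ID registration report via Microsoft Graph PowerShell.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Reports

function Get-MfaAdoptionKpi {
    [CmdletBinding()]
    param(
        # Hypothetical target; replace with the value set in the security policy
        [int]$TargetPercent = 95
    )

    # Delegated permissions assumed: AuditLog.Read.All + UserAuthenticationMethod.Read.All
    Connect-MgGraph -Scopes 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All' -NoWelcome

    # One row per user: IsMfaRegistered, IsMfaCapable, IsAdmin, UserType, MethodsRegistered ...
    $rows = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

    # Count members only; guest accounts would distort the ratio
    $members     = @($rows | Where-Object { $_.UserType -eq 'member' })
    $registered  = @($members | Where-Object { $_.IsMfaRegistered })
    $adminsNoMfa = @($members | Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered })

    $pct = if ($members.Count -gt 0) {
        [math]::Round(100 * $registered.Count / $members.Count, 1)
    } else { 0 }

    # Admins without MFA are a blocking finding regardless of the overall percentage
    [pscustomobject]@{
        Members            = $members.Count
        MfaRegistered      = $registered.Count
        MfaAdoptionPercent = $pct
        AdminsWithoutMfa   = ($adminsNoMfa.UserPrincipalName -join ';')
        Status             = if ($pct -ge $TargetPercent -and $adminsNoMfa.Count -eq 0) { 'Green' } else { 'Red' }
    }
}

# Produce the row that the Power BI dataset ingests
Get-MfaAdoptionKpi | Export-Csv -Path .\mfa-adoption-kpi.csv -NoTypeInformation
```

The report counts users who have registered an MFA method, not users who are prompted for it; enforcement comes from the Conditional Access policies built in step 2, so the two figures should be reviewed together.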

Covered Scope
Identity & Access: Microsoft Entra ID (formerly Azure AD) + MFA, Conditional Access, Privileged Identity Management
Monitoring: Microsoft Sentinel (SIEM/SOAR), Defender for Cloud & Microsoft Defender XDR (formerly Microsoft 365 Defender)
Compliance: ISO 27001:2022, NIS2 (alignment of requirements), Purview sensitivity and retention labels
M365 Security: Defender for Office 365, Safe Links, Safe Attachments
Azure Governance: Azure Policy (built-in ISO 27001 initiative), Secure Score, NIS2 Blueprint (note: Azure Blueprints is being retired, so the same controls are delivered as Azure Policy initiatives)
Awareness: Attack simulation training phishing campaigns (Defender for Office 365 Plan 2) + e-learning
Deliverables & Support
Executive Report – ISO 27001 / NIS2 compliance status + quick wins in 90 days.
Information Security Policy & User Charter – tailored for Microsoft 365.
Risk Register – prioritized, mapped to ISO 27001 controls and to the Sentinel analytics rules that detect each risk.
Power BI Dashboard – Secure Score, MFA adoption, Sentinel incidents.
Awareness Kit – Attack simulation training scenarios + video materials.
CISO Coaching – 2 days/month for 6 months for KPI review and adjustments.
Why BubbleStone?
Certified Experts: ISO 27001 Lead Auditor, SC-100 (Microsoft Cybersecurity Architect).
Microsoft Specialists: daily implementation of Sentinel, Entra ID, Defender.
Pragmatic Approach: we focus on what you already have in your E3/E5 licenses.
Independence: no resellers, 100% objective recommendations.
Ready-to-use Tools: PowerShell scripts, policy templates, KPI tables.
Next Step
Interested in a quick diagnosis?
Schedule 30 minutes with one of our CISOs to receive your ISO 27001 / NIS2 score and a targeted action plan focusing on Sentinel, MFA, and Defender.