FAQ - Cybersecurity, audits, penetration tests and training

Clear answers about QS Cybersecurity services: positioning, penetration testing, audits, training, mission organization and contact.

FAQ

Services and positioning

Are you a firm or an independent consultant?

QS Cybersecurity is a structured provider operating like a consulting firm, with a proven methodology, professional deliverables and the ability to handle complete assignments from scoping to final presentation.

What types of organizations do you work with?

The services are mainly intended for:

  • SMEs,
  • organizations with a structured information system,
  • technical teams, CISOs and management teams seeking to improve their security level,
  • external CISOs looking to work with a trusted cyber partner for their clients.


Penetration testing

What is a penetration test?

A penetration test is a controlled attack simulation designed to identify and exploit technical vulnerabilities in order to assess the real security level of an information system. The objective is to simulate the behavior of an opportunistic attacker.

Which standards and methodologies do your penetration tests rely on?

Penetration tests are carried out according to recognized methodologies, including:

  • OWASP (Top 10, ASVS),
  • penetration testing best practices,
  • field expertise from real-world assignments.

Do you provide a penetration test report?

Yes. Each assignment includes:

  • a detailed technical report,
  • an executive summary,
  • clear and actionable recommendations.


Security audits

What is the difference between an audit and a penetration test?

A penetration test simulates a real attack.

An audit analyzes design, configuration or code without intrusive exploitation.

The two approaches are complementary.

What is a source code review?

A source code review consists of analyzing an application’s code to identify:

  • security vulnerabilities,
  • design flaws,
  • poor development practices.

Which standards do source code reviews rely on?

Source code reviews rely in particular on:

  • OWASP ASVS,
  • ISO/IEC 27001,
  • recommendations from ANSSI.

What is a configuration audit?

A configuration audit aims to detect misconfigurations in systems, services or infrastructure, which account for a significant share of security incidents.

Which standards do you use for configuration audits?

Configuration audits rely on:

  • CIS Benchmarks,
  • ANSSI publications,
  • official recommendations from the vendors of the audited solutions.

What is an architecture audit?

An architecture audit analyzes the overall design of an information system (flows, dependencies, trust zones) to identify structural risks and improve overall resilience.


Training and awareness

Do you offer cybersecurity training?

Yes. QS Cybersecurity offers:

  • technical training courses (Linux security, secure web development),
  • job-oriented training courses,
  • cybersecurity awareness sessions for employees.

What does cybersecurity awareness training involve?

Cybersecurity awareness training is a short training session (around 2 hours) designed to:

  • understand current threats,
  • adopt the right reflexes,
  • reduce human risks (phishing, passwords, mobility, AI, etc.).

Can the training courses be customized?

Yes. Each training course can be adapted to:

  • the business sector,
  • the participants’ level,
  • the organization’s tools and constraints.

This is customization. A change to the training program itself is a bespoke service and requires a specific quote.


Mission organization

How does an assignment work?

Each service follows a structured approach:

  • Scoping (objectives, perimeter, constraints),
  • Technical execution,
  • Risk analysis and prioritization,
  • Final presentation and recommendations.

Do you work remotely or on site?

Audit and penetration testing services can be carried out remotely, with the exception of internal penetration tests.

Training courses can be delivered remotely. However, the quality level is significantly higher on site.

Do you provide support after the assignment?

No. Each service provides all the elements needed to:

  • understand the results,
  • prioritize actions,
  • implement fixes.

However, we can refer you to a trusted partner to support you in implementing the fixes.


Trust and credibility

Why use an external provider?

An external provider brings:

  • an independent perspective,
  • specialized expertise,
  • the ability to identify vulnerabilities that are not visible internally.

Why choose QS instead of a well-known firm?

We offer greater flexibility and more competitive rates than large cybersecurity firms, without compromising on quality. Our dual audit and training expertise allows us to help secure your company sustainably with a decreasing budget over time.

Do you follow French best practices?

Yes. Services rely on ANSSI recommendations, recognized standards and field experience in professional environments.