- Central Government
- Regional & Local Government
- Independent Government Bodies (ZBOs)
We are a GGI Veilig Vendor and selected for multiple framework agreements on Central, Regional and local level.
We have partnerships with many universities and high schools by performing research, providing lectures and traineeships.
We are accredited for delivering BSPA to the Dutch Government as well as assurance audits for DigiD, ENSIA, Suwinet and VIPP.
To protect public data is not an easy task. The attack surface is wide. Hackers may attack public information systems from various angles with all kinds of objectives. Cybercriminals force victims to pay ransoms or use data to blackmail people. Others may want to simply expose confidential data to the public. Even nation states are active: to influence elections or to frustrate the society in another country or continent. There are many serious threats which public organizations need to defend themselves against.
Security is a matter of People, Process and Technology. Recent large cases of phishing and social engineering are proof that even established organizations are still vulnerable to the human factor. Organizations with Chief Information Security Officers (CISOs) and a Data Protection Officers (DPOs) in charge of security, must face the reality that the human factor needs to be addressed through continuous attention. Employees have access to important data, exchange important files, and they might even have the knowledge and be aware of security aspects. However, to get them to behave accordingly requires a comprehensive security awareness & behavioral program.
From a process perspective, an Information Security Management System (ISMS) is required by regulation. Most of these are based on processes and controls as defined in ISO 27001. The Dutch government uses the ‘Baseline Informatiebeveiliging Overheid’ (BIO), schools and universities rely on SURF guidelines and Dutch healthcare providers use NEN 7510 as a baseline for information security. It is important to have these systems in place and act accordingly. Especially when it comes to dealing with sensitive public data, annual assurance assessments are required for DigiD / ENSIA / Suwinet / VIPP / NVZ / NEN 7510. As well as up-to-date privacy/GDPR/DPIA agreements.
When it comes to technology, public organizations may use a wide variety of systems and technologies. Ranging from old legacy systems, applications and infrastructure to software hosted by a cloud service provider and mobile apps, each of these can contain undiscovered vulnerabilities that require to be (pen)tested. Our Red Team thoroughly assesses security within detail in both information technology and operational technology (to manage buildings, bridges and traffic) environments. Even with SIEM/SOCs in place, these systems can’t be blindly trusted. For public welfare, it is of utmost importance that these systems are continually tested and monitored from a security point of view.
Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT- and internet law and certification.