- ICT / Telecom / Media
- Software Developers
- Digital Service Providers
- Medical Devices
Secura is independent, which allows us to provide our clients with reliable knowledge and high-quality insights.
Our experts create comprehensive and detailed reports with clear management summaries.
Our services are built around recognized standards and metrics.
Security and privacy are of crucial importance in our new way of living considering that there is a constant threat that hackers can misuse vulnerable products and services. They may enter our systems at home or at work and obtain our personal credentials or privacy-sensitive information. They may commit fraud or misuse our infrastructure to attack other systems.
Software developers and manufacturers need to take care of the security of their products and services. When it comes to software, it is strongly recommended to start early on in the software development life cycle, and to have an independent security assessment carried out at least once a year. In addition, the organization must actively deal with information security and prevent its own intellectual property from being stolen.
There are lots of standards, best practices and guidelines which can be used to ensure security within an organization, a product or a service. Think for instance of ISO 27001, ISO 27017 (for Cloud Security), OWASP Guidelines, NIST Guidelines and the ETSI/EN IoT Security Standard.
Regulators focus more and more on the domain of Security and Privacy. The USA and the EU regulate the security of medical devices through directives and regulations. UNECE helps regulate the security of new car types. In Europe, privacy is regulated through the General Data Protection Regulation (GDPR), and Digital Service Providers have to comply with the Network and Information Security (NIS) directive.
Secura has a lot of knowledge and experience with these standards and guidelines, and helps organizations with the implementation and management.
In an organization, employees have access to internal systems and valuable data. Attackers abuse the human factor and use techniques such as phishing and social engineering. To support Chief Information Security Officers (CISOs) and Data Protection Officers (DPOs), an extensive security awareness & behavior program is desired. With this program you bring knowledge to your employees and change their behavior in a positive way.
Employees have access to important data and exchange important files. Even though they might have the knowledge and be aware of security aspects, getting them to behave accordingly requires a comprehensive security awareness & behavior program.
Your organization has to deal with information on a daily basis. Information from and about customers, but also employees, suppliers and other stakeholders. When your suppliers have a less rigorous security approach, this can put you at risk. Security needs to be part of vendor management. From a process perspective, most organizations have processes and controls in place as defined in ISO 27001.
More and more technology interconnects through cloud, mobile apps, devices etc. and intertwines with our lives, such as network devices, automotive, medical devices and IoT. Each of these systems needs to be (pen)tested separately and checked for vulnerabilities, but often the danger hides in the grey areas between different systems. Even with reputable SIEM/SOCs in place, these control systems cannot be trusted blindly. Our Red Team thoroughly assesses security in detail (including social engineering), while our training courses support your team to learn how to incorporate security independently. Secura also works with many established and recognized standards and schemes that you can comply with and certify for.
Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT- and internet law and certification.