In an enterprise, IT takes care of the security (confidentiality, integrity, availability, ...) of all PCs, operating systems, internet connections, production PCs, servers and data storage.
But an enterprise that develops products with embedded software has another focus. It overlaps with classic IT security in places, but it needs to be analyzed differently. Traditional IT security solutions do not scale well to it. It is not possible to simply take ISO 27001, use your normal ISMS or deploy firewall/antivirus and assume your security will do what you (really) need. The same holds for the promises about AI, blockchain and other magic solutions that claim to cover every security demand you have.
More and more of these embedded products are connected, and the attack surface grows. As a smaller business we know exactly what we can offer you. With our experience we determine, together with your personnel, the desired (or needed) level of security. If you already have a security team in your business we like to work together with it; otherwise we collaborate with security-minded employees or even educate interested ones. We document and analyze your current strengths and weaknesses in security.
The biggest value we offer is a view of the whole chain: development, production, service and the entire lifetime of the product. Only if you see security as a whole chain are you in a position to take the right decisions.
A chain is only as strong as its weakest link, and an attacker will find the weakest link. Therefore it is really important to look at the whole chain (and at what lies to the left and right of it) and detect weaknesses and strengths. It does not make sense to have really strong, expensive and cumbersome security in one place if right next to it a flimsy cord is all that holds everything together.
The goal is to empower your employees so that they are able to recognize which decisions involve security, and to bring in processes for how and by whom such decisions can be taken on behalf of the business. The next step is to train them. The goal is that they are able to identify critical parts themselves and know which steps need to be taken, so that your business is prepared not to lose money or reputation.
The course of action differs strongly according to your requirements: planning a new project with security in mind from the beginning, analyzing an existing product, helping with a concrete incident or, what we like most, doing the fundamental work to get your overall security level for embedded products into shape.
The first step is always a clear breakdown of what security requirements you really have. This should happen together with product management and product engineering, because security is not only a technical feature but a business requirement that engineering fulfills as well as it can. Depending on the outcome, the continuation is quite different: we could start with training for the software engineers, continue with a precise risk and threat analysis, build up an incident management system, write new guidelines for development, or ...
We would like to take the next step with you.
Below are the topics for embedded products we can help you with. The order and what is needed vary from business to business.
Risk analysis
Analyze the whole chain
Threat analysis
Implement security in a new project
Analyze a running project
Personnel development: recognizing security-relevant situations on their own
Analyze current security process
Define needed security level
Incident management
Security concept
Build up security team
Support on concrete problems as an external expert
Requirements engineering
Implement new processes
Test of current systems