Security Engineering

Our experienced security engineering experts support you in establishing and maintaining a secure IT infrastructure.

To ensure an adequate degree of security at acceptable cost, analytical and constructive skills must be carefully combined at various levels of abstraction. Our guidelines for secure software design and implementation help you avoid security vulnerabilities and take appropriate technical and organizational security measures in all phases of development and operation. Our Certified Professionals for Secure Software Engineering (CPSSE) can guide your staff in implementing the principles and practices of secure software engineering with high quality.

Security, as important as it may be, is only one of several qualities of a system. In most cases, it is not the primary goal of system development, but is only of secondary importance.

The usefulness of an IT infrastructure depends on many quality factors, and IT security is often in conflict with other quality factors. Therefore, it is extremely important to follow an integrated quality assurance approach in order to achieve an optimal balance between safety and security on the one hand, and usefulness, usability, and cost efficiency on the other hand. In striving to achieve this optimum, our experts, whose experience spans many topic areas, make use of our integrated software engineering skills for your benefit. For example, we evaluate the usability of your security design and assess how security risks can influence the safety of your safety-critical system.

This is what we offer:


Our analysis methods support a modular procedure and make it possible to incrementally aggregate partial results for individual system components in order to derive security requirements for the overall system in a traceable manner.
We help you determine the requirements that security standards impose on your individual product, such as 21 CFR Part 11 or the Protection Profile for the Gateway of a Smart Metering System, which is based on ISO/IEC 15408.
We check your products in order to assess their compliance with a particular security standard and to identify existing compliance issues. In addition, we help you present the results of your threat and risk analyses in such a way that you can easily and convincingly provide proof of standard compliance.
We analyze your IT infrastructure with regard to fundamental security requirements and generally recognized best practices.
We help you identify your greatest IT risk potential and secure your local IP networks.

 

CROCODILE

Crocodile™ is a security checking tool for router or firewall configurations. The tool supports the security analyst in detecting potential errors in the configuration settings of a router. It also supports serial examination by quickly scanning large numbers of configuration files. Crocodile™ can be easily adapted to individual evaluation criteria, either by specifying evaluation rules in a simple but powerful rule format or by adding project-specific plug-in modules that dock at the flexible programming interface of Crocodile™. Checking reports are generated in hypertext format, which facilitates screening of the checking results and of additional materials, such as suggestions for error elimination or web links to relevant pages of the router manual.