ITK’s security portfolio is closely aligned with existing standardization activities such as ISO/SAE 21434 and IEC 62443. In this section, we show the generic security services that are relevant in all industry sectors.
ITK’s security portfolio is closely aligned with existing standardization activities such as ISO/SAE 21434 and IEC 62443. In this section, we show the generic security services that are relevant in all industry sectors.
.
.
Aligned with IEC 62443 & ISO/SAE 21434 Draft
.
Security Goals
Security Concept
System
.
Aligned with IEC 62443 & ISO/SAE 21434 Draft
In many cases, our customers are not sure where their products stand in terms of security. It is obvious that security is important, but it is unclear how much to invest in security, where to start or how to proceed.
Timelines are often tight, and decisions have to be made quickly to reduce time-to-market. At the beginning of designing a system, initial architecture and hardware decisions need to be made.
“What does ‘secure’ mean?” – a question that needs to be answered in every security engineering project. ‘Security’ is context-specific: while confidentiality is an important protection goal for passwords, it certainly is not needed for public news.
“Which security mechanisms have to be applied to make the system ‘secure’?” – this is the question that has to be answered once the meaning of ‘secure’ has been defined for the target system.
Testing the security of a system is challenging. It’s not about testing whether the product “works”, but testing whether imaginable attacks fail.
Software vulnerabilities can easily jeopardize the security of the system, even if its security concept and specification is bulletproof.
Software has to be tested to be reliable – the same applies to software security. A distinction can be made between functional security testing and non-functional security testing.
Code analysis tools can only identify specific types of vulnerabilities and often software or entire systems are too complex to be manually reviewed.
Engineers are human beings who can make mistakes. These mistakes can happen in each development step but also during integration.
Central to our work is the enablement of our customers. In addition to engineering projects and consulting tasks, we also build up the customer’s security expertise and awareness.
While bringing security into products is the first step on the road to push cybersecurity into a company, establishing cybersecurity processes and methodologies are required to get reproducible results.
In many cases, our customers are not sure where their products stand in terms of security. It is obvious that security is important, but it is unclear how much to invest in security, where to start or how to proceed.
Timelines are often tight, and decisions have to be made quickly to reduce time-to-market. At the beginning of designing a system, initial architecture and hardware decisions need to be made.
“What does ‘secure’ mean?” – a question that needs to be answered in every security engineering project. ‘Security’ is context-specific: while confidentiality is an important protection goal for passwords, it certainly is not needed for public news.
“Which security mechanisms have to be applied to make the system ‘secure’?” – this is the question that has to be answered once the meaning of ‘secure’ has been defined for the target system.
Testing the security of a system is challenging. It’s not about testing whether the product “works”, but testing whether imaginable attacks fail.
Software vulnerabilities can easily jeopardize the security of the system, even if its security concept and specification is bulletproof.
Software has to be tested to be reliable – the same applies to software security. A distinction can be made between functional security testing and non-functional security testing.
Code analysis tools can only identify specific types of vulnerabilities and often software or entire systems are too complex to be manually reviewed.
Engineers are human beings who can make mistakes. These mistakes can happen in each development step but also during integration.
Central to our work is the enablement of our customers. In addition to engineering projects and consulting tasks, we also build up the customer’s security expertise and awareness.
While bringing security into products is the first step on the road to push cybersecurity into a company, establishing cybersecurity processes and methodologies are required to get reproducible results.
