Nowadays complex systems in many industry domains are connected to each other in different ways. More and more safety-critical systems undergo this trend, too. For those systems safety without security is not possible any longer, because a security issue can lead to safety losses. With more than 25 years of experience in safety-related projects, Bertrandt Technology (formerly Philotech) founded the Embedded Security Competence Center in 2014 in addition to the Functional Safety Competence Center. From its headquarter in Cottbus, the Competence Center coordinates the other Bertrandt Technology (formerly Philotech) offices all around Europe.
Constantly gaining new experiences, the team is currently specialized for the following industry activities:
-
Security Audits and Assessments
-
Penetration Testing and Red Teaming
-
Secure Software Development / Application Security Management
-
Security Trainings
-
Process management for Information Security
Security and the System Lifecycle
Security is always a time dependent function. Even perfect security means of today can be obsolete tomorrow, because of technological improvements or more sophisticated attacks. Therefore it is important to manage the security of systems, devices or software components over the entire lifecycle. High quality development processes can reduce the overall costs by applying security related activities in all stages of a product's development lifecycle. Well defined and established incident response processes contribute to that in a way that occurring security problems are communicated targeted, investigated quick, and resolved immediately.
Trainings and Security Analysis
Awareness is the key factor in creating secure systems and should be present at all levels including Management, Engineering, and Testing. Therefore, the Center of Competence offers a variety of trainings, seminars and workshops to provide you with state of the art knowledge. With our strong background in software and hardware testing we are further able to perform all kinds of security assessments of your system, from high-level requirements and architecture review down to penetration testing and fuzzing techniques.
Independent Support and Guidance
Our highly qualified experts with various experiences in different industry sectors can help to apply best practices from those domains (e.g. RTCA DO-326A (aerospace), SAE J3061 (automotive), IEC 62443 (ICS)). Our consulting covers also comprehensive security aspects like Information Security Management Systems (ISO 27001, BSI-IT Grundschutz), or very specific aspects like security during software development (ISO 27034). Contact us for further information on seminars and workshops.
IT- and Embedded Security as part of Support Engineering
A holistic view on a system under development is indispensable to gain the utmost level of supportability. Reliability (R), Availability (A), Maintainability (M), Safety (S), Security (S) and Testability (T) often referred to as RAMSST are the fundamental supportability design disciplines for a modern, state-of-the-art system development process.
For further information related to the other RAMSST activities please visit our dedicated section Support Engineering.