Security

Know where you stand

A starting point for security work is understanding the risks and threats related to your business and the systems involved. We can help you to understand and handle information security risks and threats relevant to your organization. This help can include workshops, where key risks and threats are identified and documented, and corrections for them are planned.

When an important system component has an unknown security level, it is difficult to make rational decisions. We can help in decision making by identifying the most problematic issues. Our work can include the analysis of security features as well as testing the implementation or reviewing the hardening of the system. Best way to learn existing security issues is a security assessment. Security assessment service package can do any of these assessments for you.

Plan and implement secure architecture design

Security is an essential part of good architecture, whether it is traditional architecture, cloud-based architecture with Docker, or cloud native architecture. Good security architecture must consider multiple dimensions, such as the whole product life cycle including all stages of security (identify, protect, detect, respond and recover).

We have extensive experience designing architecture and implementing many different types of secure systems, including systems for user account management, intrusion detection, logging management and certificate handling. We can create the security architecture, support its creation or review a proposed architecture design for you. After the architecture is deployed it should be validated for security. Without this, simple oversights may be left for exploitation. We can validate the system security, including its hardware or software hardening.

If you face a challenging security environment, we can implement or prototype a necessary critical component for you. We know our way around x86, ARM, Power Architecture (PowerPC), FPGA, eFuses, ASICs, TPM, TrustZone, cryptography and secure boot.

Security development support can help you to improve security in development work.

Develop securely and efficiently

Handling the security as part of a development process can be challenging. We can guide you in making security an integral part of your development process. This work typically includes a development process gap analysis to identify the best methods in order to implement security efficiently. Also, we can participate as security experts in your development process, so that you get up to speed quickly.

An agile world requires an agile way of managing security; security must not slow down the work. We can help you fit security work into your agile way of working. Growing from DevOps to DevSecOps is no small achievement. We are experienced in both and can help with this.

After improving the way of working, it is important to validate and follow the execution. Wapice can help you to evaluate the results, both by looking at the execution of the process and by evaluating the security of the resulting system.

Secure development life cycle (SDLC) coaching can improve how security is handled in your development process.

Security management support

Good security management practices are an important part of maintaining security. Security management is often based on standards such as NERC, COBIT 4.1, NIST-800, ISO 27001, ISO 27005 and IEC 62443. We have built up a competence on these and can also help you. Wapice is an ISO/IEC 27001 certified company.

Our clients need to comply with various regulations relating to security. As regulations are gradually increasing, future proofing of security means being compliant not only with established standards, but also with key emerging standards. We have years of experience with clients in different sectors as well as industrial environments.