Typically, the company CEO does not agree with the company CISO, that is, the chief information security officer, and the business managers on how much one should invest in security matters. We help you to adjust safety and security to your company’s needs, no matter your line of industry or the size of your company. Our clients range from global companies to public sector actors and start-up businesses. With our security management services, we help our clients define security management activities on the organizational level and guarantee the continuity of your business with an acceptable rate of return on investments.
What we are good at:
- Digital security strategies and development programs
- Business continuity development
- Compliance with IEC 62443, ISO 27001, ISO 20000, and the Finnish national security audit criteria KATAKRI
- Risk management & risk-related security processes
- Security management as a service
- Secure service management
Our security audit services help you understand how attackers work, and give you tools to take their methods into consideration when developing security strategies. Our experts can analyze the attack surfaces in your system architecture, and to create a threat model describing potential attacks. Furthermore, thanks to our penetration testing we can identify any concrete vulnerabilities in your systems and show you how they can be attacked.
You can put your trust on us. Do not hesitate to contact us also in cases where you need someone to give you the worst-case scenario.
What we are good at:
- Modeling and analysis of attack surfaces
- Visibility of the services on the Internet
- Vulnerability analysis
- Penetration testing (Pen testing)
- Reverse engineering
- Security breach investigation
- Architecture analysis
Digitalization is currently both contributing to our well-being and making our organizations more productive. Simultaneously, we want to make sure that these new digitized systems are safe and that information processed in them is kept secure. Systems now being digitized can represent anything from medical devices to functional technology and embedded systems in the Internet of Everything (IoE). All of these are in need of actions that improve their information security. From digitalization’s point of view, cloud solutions are a source of almost infinite new possibilities. Simultaneously, they do also have risks. One has to remember that cloud services are not per definition information secure. Nevertheless, they can be made secure by applying the right kind of security controls.
With the help of our functional and technical expert service, you can make sure that your digitalization project is carried out safely and according to the best practices and instructions in the business.
What we are good at:
- Security management for multicloud and hybrid cloud solutions
- Cloud services compliance assessment (Finnish criteria for assessing the information security of cloud services PiTukri, CSA CCM)
- Technical security implementation (Azure, AWS, Google)
- Management of critical information in cloud services
- Technical architecture for and implementation of identity and access control
Industrial systems are affecting our lives perhaps even more than we realize. Without critical industry processes, for example, water distribution would not function without interruptions, nor would our business premises be safe and have central heating. Thanks to our expertise, we are able to assist in development of cyber security conformity for various systems by identifying the risk levels and vulnerabilities of these systems and by planning security solutions for them.
Our information security experts have extensive experience on both traditional and embedded software development and the standards regulating secure software development. We can help you improve the security of your products, so that both the product owner and your information security officer can get a good night’s sleep without worries about security issues. Our experts can also instruct you in how to manage the security requirements for CI/CD chains and create automatic security testing, not to mention other software development subareas.
What we are good at:
- Cyber security projects for industrial systems (IEC 62443)
- Technical security for embedded systems
- Traditional and agile software development security (Waterfall, DevSecOps)
- Security test automation
- Code analysis
The infrastructure on our planet is becoming more and more reliable on space. Thinking that space systems are immune to digital security threats couldn’t be further from the truth. Space systems have typically a very long lifespan. This means that their technology will inevitably be outdated as the years go by. This causes security threats. On the other hand, a system infrastructure built some 15 to 30 years ago dates from an era when digital security was not an issue at all. Consequently, the infrastructure is maybe not even equipped with the necessary controls to ensure cyber safety.
Companies in this new field of space industry are competing on who gets to launch unmanned aircrafts or drones first. In this competition, security is often put on second place compared with functionality. By comparing our know-how on this (new) domain of space with security, we can offer security-related development and testing services that enhance the safety and security of space systems.
What we are good at:
- Security standards of space systems
- Secure communication between ground station and satellite
- Data secure satellite information management
- Assertion of space systems
- Security of system interfaces
- Typical spacecraft cyber threats
On a technical level, a medical device is not different from any connected device in what comes to cyber security threats. What is important to note are the domain specific requirements to ensure safety of the patient and the medical device operators. This means, that any mitigation of a cyber security risk needs to be verified with regard to safety. A life supporting device cannot be shut down even if it has been hacked; neither can the device access control prevent the hospital personnel from acting in the case of an emergency.
Understanding the special needs of the medical domain combined with expert level knowledge on both cyber security and functional safety allows Huld to consult our customers with a holistic view on how to make medical devices cyber-safe without compromising their safety and usability.
What we are good at:
- Compliance of legislation and standards (ISO 13485, ISO 14791, IEC 62443, ISO 27001, ISO 27005)
- Safety & Security management and development
- Secure hardware and software development
- Secure architecture
- Secure cloud architecture
- Security testing