In the age of digitisation, data are becoming inestimably more valuable. They are a major asset for business and society alike in IoT, Industry 4.0, connected cars and smart cities. However, their encroachment on new areas of life has also turned data flows into sensitive targets for attack. Thanks to our long-standing expertise in embedded and classic IT systems, we can help to protect them.
Cyber security for networked products and systems is most effective and economical when it can influence the development from the very beginning (security by design). Our many years of experience in systems engineering for the automotive and aerospace industries makes us the predestined partner. We are familiar with the developer’s perspective as well as the security expert’s. And we are well-versed in the interactions between “safety” and “security”. The methods we use (such as STRIDE, MEHARI and the IT baseline protection of the German Federal Office for Information Security) are flexible enough to be used on any system. This way, we develop, integrate and improve effective security measures in all phases of the development process together with you.
- Structure analysis: Charting of the system to be analysed (target of evaluation) based on the general organisational and staff conditions provided, as well as technical system information
- Determination of the protection needs for all assets in the system (such as cryptographic keys or critical IT systems)
- Definition of the security requirements in observance of the relevant threats which could affect the system
- Risk analysis for all assets in the system
- Development of additional application-specific security measures
- Testing of the implementation of all security measures
- Implementation of security measures in the system
- Penetration tests to check the efficacy of the measures and methods as well as the correct implementation
- Achieve the greatest possible economically expedient security level for the target system
- Dependable competitive advantage
- Cost savings through increased system protection
- Security concept, implementation and inspection from a single source
- Time-saving integration of security into the development process
- Structured course of action through the use of proven methods
CYOSS created a security concept for the ethernet-based E/E architecture of a vehicle. Since the E/E architecture was in an earlier stage of development, we were able to drastically simplify the overall design of the architecture and give cyber security the attention it needs in the digital age.