• en
  • sv
  • da
  • INFORMATION AND CYBER SECURITY

    The complexity of IT and information management has snowballed over the past decade.

    Companies and organisations are dependent on the constant growth of an infrastructure made up of networks, servers, applications and systems, all of which are used to support their business-critical operational processes.

    Unfortunately, IT infrastructure is exposed to advanced and systematic attacks on a daily basis.

    Protecting business-critical information and the IT system is a challenge that requires specialist skills and experience.

     

    IT RISK MANAGEMENT AND INFORMATION SECURITY

    2Secure uncover current threats, provide a current picture of vulnerabilities and risks and handle and resolve identified risks and security breaches.

    Broad expertise and in-depth experience in the field enable us to support our customers in all aspects of operations. The handling of security challenges in complex IT environments is part of our daily life.

    Cyber Threat Intelligence

    Cyber Threat Intelligence

    Today’s companies operate on a global market. Historical incidents show the importance of working systematically and proactively with the operative risks that a company is exposed to.

    A central part of our proactive security work is to continuously evaluate threats and the threat landscape in order to identify and manage threats and risks at an early stage. 2Secure’s Early Warning service is an information service for companies that need a high level of confidence in its stakeholders and its surroundings.

    There are potential threats brewing that may have a negative impact on the company’s brand and goodwill. It is important to discover and evaluate these at an early stage in order to be able to employ risk management and mitigate any negative effects. These risks could be media portrayals or other public allegations of violations of sustainability issues, but also internal disruption within the organisation or in the company’s IT environment.

    Information Security Governance

    Information Security Governance

    In order to achieve good information security, it must be linked to the company’s operations, its objectives and its business risks.

    We help our customers with efforts to improve their leadership and governance of work with risks within the field of information security. Our efforts include everything from threat and risk analyses, internal management processes, procurement support and governance for compliance, audit, review, strategic advice and staffing a CISO role.

    Managed Security Services – MSS

    Managed Security Services – MSS

    Our services within MSS are active support for companies who can utilise our key competence within Cyber Security.

    The service is focused on specific areas which, through our experience, we know create major challenges for companies to deal with on their own. Our MSS customers can feel safe knowing that our Security Operations Center (SOC) monitors their security, meaning they can therefore focus their own resources in developing and supporting the business. We manage ongoing Vulnerability Management, SIEM and analyses of security-related information from logs and alarms. Our Computer Security Incident Response Team (C-SIRT) is ready 24×7 to rapidly be able to investigate and remedy any IT security incidents.

    Application Security

    Application Security

    Application security analyses include a review of an application in order to identify security breaches. The analysis is carried out with access to the system.

    An application security analysis includes the following:

    • Re-engineering – analysis of program logic.
    • Authentication – checking log-in functions and access protection.
    • Session management – analysis of access control for users, groups and roles.
    • Input data management – checks on input data, error handling, SQL injection, XSS, etc.
    • Output data management – analysis of application files, parameters, cookies.
    • Information leakage – analysis of error messages, program comments.

     

    The analysis can be supplemented with source code review, which includes detailed analysis of the application’s program code. The review is carried out with access to the system in order to be able to more securely follow the flow in the application via logs and debugging data.

    Cyber Security Testing

    Cyber Security Testing

    Testing the IT system allows a company to discover security breaches and vulnerabilities before anyone else does.

    Our tests can be focused on anything from the entire network to specific IT systems and include advanced analyses to assess the target system’s resistance to attacks. We work systematically in the test process and apply manual testing methods combined with both commercial and proprietary testing tools to achieve precise results. The tests we carry out include scenario-based penetration tests, configuration reviews and forensic analyses.