softScheck Cyber Security SealComprehensive audit certification
The CyberSeal is awarded after a comprehensive audit using the softScheck Security Testing Process. The certification is valid for 2 years and requires a repeat audit to be maintained. Using both tool-based and manual auditing methods, the CyberSeal confirms that a full security investigation has taken place in accordance with ISO 27034 and that all identified security vulnerabilities have been addressed.
Scope of Certification The certification is awarded to companies that have had their product, infrastructure or individual parts of the infrastructure examined for security vulnerabilities using the softScheck Security Testing Process. For larger IT service providers the scope of the certificate can be limited and issued for a part of the company. The scope must be defined in advance. If the scope only concerns parts of the infrastructure with all its components, the audited scope will be noted on the seal.
Goals of the CyberSeal The CyberSeal has high requirements for the system to be certified. In addition, the latest developments in security vulnerabilities are incorporated into the adapted standard. With its certification, the CyberSeal offers the following advantages in the area of information security:
- The CyberSeal considers the embedding of IT with a high standard to cover the security measures. It is especially addressed to the companies that want to achieve a high level of security in their systems.
- The CyberSeal ensures that security measures are implemented.
- The CyberSeal supports the implementation of the ISO/IEC 27034 standard through its audit process.
- The CyberSeal serves as evidence of a high level of IT security.
Performance of the audit The execution of the audit results from the softScheck Security Testing Process. This must be successfully completed and consists of the following test methods:
- Requirements Analysis: development of software with appropriate security level
- Threat Modeling: modeling potential threats based on the security architecture
- Static source code analysis: detailed examination of source code
- Dynamic analysis: identification of previously undetected vulnerabilities
- Penetration Testing: controlled attacks to identify security vulnerabilities
Upon completion of each testing method, a corresponding security audit is created to implement appropriate security measures. To prove security vulnerabilities, our security experts provide proof of concept exploits as needed and assist with bug fixes for the identified vulnerabilities. This will enable your software development team to release a patch in a very timely manner. After successfully completing all testing methods, as well as fixing all vulnerabilities, the CyberSeal can be issued.
Costs of the audit The cost of the audit consists of the execution of the Security Testing Process, as well as the issuance of the CyberSeal. For a maintenance audit, a re-audit must be performed by softScheck. For an exact price calculation, a cost estimate can be provided for the system to be certified.
Do you want support in securing your systems and products, then contact us!