Security & Privacy
For RISE, IT system security has long been an essential discipline for the realisation of end-to-end secure solutions. From risk management to secure design and architecture, secure operation through to development, penetration testing and certification, RISE offers extensive expertise. RISE experts provide support from planning, implementation and operation through to the acute case (incident response and forensics).
Key factor for success
For many years, security has been an essential factor for the acceptance and success of systems and therefore requires special attention in the broad environment of modern IT technologies. Today, many everyday tasks are carried out via IT systems, mobile applications and the Internet and sometimes process highly sensitive data. A lack of security is therefore a risk factor that should not be underestimated, as regular reports of attacks and data breaches show.
Security as a process
At RISE, security plays a central role in the implementation of solutions. RISE offers a comprehensive end-to-end spectrum in this area and relevant experts are involved right from the start of projects. Security is explicitly taken into account as early as the concept development stage, the architecture is carefully planned and potential risks and countermeasures are identified and developed. An essential attitude of RISE is to see security as a process. This means that the foundations for a comprehensive consideration of this topic and the secure implementation of projects can be established at a very early stage.
An extensive portfolio from start to finish
RISE offers a comprehensive security portfolio throughout the entire implementation process, right through to ongoing operations. Standardised processes and tools are used, which have been optimised through numerous implementation projects for highly secure TI solutions. These include components/libraries, solutions for security during operation, tools for testing security aspects as part of test automation and penetration tests. RISE solutions are implemented in tested environments to high standards. Many of these are independently assessed and audited by external auditors. RISE's extensive expertise will also give your projects the security edge they need.
Security of RISE
RISE offers highly qualified security experts with excellent practical experience and knowledge in the field of IT security, cryptography, Public Key Infrastructures (PKI) incl. certificate validation/OCSP/CRL, software development & programming, penetration testing, security testing of enterprise networks as well as breach response, forensic analyses and general operation of security-critical infrastructures.
- Security testing and hardening of eGOV solutions
- Conception of security manuals
- Conception and development in the area of quality management, test environments and test tools
- Operation of safety-critical systems
- Development of security solutions, including implementation of Honeynet solutions for various applications, development and operation of SIEM solutions and SOC services for large ISO27001-certified IT environments
RISE has a broad portfolio of different projects and specialisations in the area of security and privacy. The following is a small excerpt and insight into RISE's expertise in the field of security and data protection.
RISE as a Qualified Body (QuaSte) for the security review of critical infrastructure
RISE was accredited as a Qualified Body (QuaSte) by the Federal Ministry of the Interior (BMI) in the context of the Austrian Network and Information System Security Act (NISG).
The applied test process and the methodology of the RISE security experts were examined with regard to their application to systems and applications as part of critical infrastructure. As an accredited "Qualified Body", the security experts at RISE are able to use their experience in dealing with various security-critical systems - from common web/mobile applications to high-security projects, smart cards, hosts and cloud infrastructures - to support you at any time in strengthening the security of critical infrastructure!
Expertise of the RISE Security Team
For RISE, IT security is a passion. We take a holistic approach to IT security and deliver corporate security through corporate experience. Our customers' IT security benefits from our industry experience in security-critical projects. Our references, from private companies to large public institutions, including those with very high security requirements, speak for themselves.
Thanks to an extensive range of industrial certifications, RISE is always up to date in the highly dynamic security sector. Among others, the security experts at RISE hold the following certifications:
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Offensive Security Web Expert (OSWE)
- Offensive Security Experienced Penetration Tester (OSEP)
- eLearnSecurity Certified Professional Penetration Tester (eCPPT)
- eLearnSecurity Web Application Penetration Tester (eWPT)
- eLearnSecurity Certified Penetration Tester eXtreme (eCPTX)
Numerous RISE employees come from a scientific background or actively conduct research in the security environment. RISE can draw on numerous employees with successfully completed dissertations in the security environment and RISE employees frequently conduct training courses for companies or in the university environment at all levels of education.
Activities of the RISE Security Team
RISE employees in the security area have excellent practical experience in the area of open source software and actively contribute to the open source community. These relevant resources can be utilised in the course of the individual service calls in order to coordinate developments in the communities when selecting test objects (libraries, applications).
- Linux kernel development
- Apache Software Foundation
- Committer in various open source projects
- RISE conducts ongoing analyses (black and white box) of OSS for vulnerabilities and reports these to the OSS projects
RISE employees are part of the scientific (security) community and take part in globally relevant research projects. One example is an internationally recognised security vulnerability in the TLS protocol discovered by RISE employees: in 2015, RISE discovered (and closed) an internationally sensational vulnerability in the TLS protocol (the global protocol on the Internet) that allows attackers to carry out a so-called man-in-the-middle attack and thus read private data on secure websites (e.g. Facebook, eBanking) and change it at will. Facebook honoured the discovery with the BugBounty Award. RISE publications and procedures on KCI attacks against TLS are available at https://kcitls.org.
As part of the community of IT security capture-the-flag (CTF) contests, RISE employees regularly take part in worldwide security contests via the "Defragmented Brains" team or organise corresponding contests for customers themselves as training in the security environment. In this area, ongoing training is a key success factor in order to be able to react quickly in an emergency and to be able to cover a broad and extensive spectrum of security vulnerabilities.
Security in the healthcare sector: The key to trust
The security of healthcare data is not just an obligation, but the core of trustworthy medical care. Whether ePA, eID or healthcare infrastructures, we understand the protection of sensitive data at all levels.