Today, IT system and software security has become critically important, because increasingly sophisticated technologies and ever-greater interconnectivity are empowering malicious users whose actions can have a dramatic impact on the privacy of both enterprises and individuals. Security expertise addresses these concerns specifically, throughout the software engineering life-cycle, with audit-based security requirements engineering, security policy modelling, secure architecture design, security-oriented code analysis and preparation for security certification, such as the Common Criteria.
The security of information systems is the set of measures and controls that are put in place to ensure confidentiality, integrity, and availability of the information being processed and/or stored by the information systems. These measures and controls span various domains such as technical, organizational, legal, and societal. A security infrastructure is deployed to assure the protection of information systems by mitigating risks to the information assets. It is developed to meet the objectives of the security policy, which is defined on the basis of the risk analysis carried out in line with the threat analysis. No single security mechanism can answer all the security requirements. The range of mechanisms includes ciphering (cryptography), access control, trusted functionalities, security monitoring, incident response, and audit trails.
The notion of trust in information systems has been receiving increasing attention ever since open environments began gaining ground in the computing world. The commoditisation of computing resources offers fascinating prospects for individuals and businesses, which can use inexpensive computing environments at no total cost of ownership (TCO). However, the downsides of this paradigm are the concerns related to data protection and privacy. The stakes are much higher when it comes to personal, social, financial, or business interests. It is therefore necessary to develop trust between the providers and consumers of information services in cyberspace. Trust is no doubt a subjective human judgement; technology can nevertheless play a significant role in resolving trust issues by providing reliable means such as security testing (e.g. penetration testing) and monitoring of service level agreements (SLA).
It is important to remember that security is not a product; it is a process that should be regularly revised and updated. It is the quality of security services that constitutes the basis of trust in information systems.
This area is very wide and is related to many disciplines. CETIC takes the security dimension into account through its various areas of expertise.
Federated learning for robust, resilient, and adaptive protection of computer...
Cyber Ranges virtualized infrastructure update methodology
Excellence program dedicated to cybersecurity
Cybersecurity test platform demonstrator for industrial cyber-physical systems
Agenda
06.12.2024
CETIC talks
Save the date
04.10.2024
External activities
Belgium’s Cyber Security Awards programme rewards different types of personalities who make a significant contribution to improving cyber...
13.09.2024
CETIC talks
Use cases for a quantum communication infrastructure (ICQ)
26.08.2024
CETIC talks
Green Blockchain, Cybersecurity, and Collaborative AI
17.04.2024
Software industry
Cyrus Project
28.09.2022
Software industry
Philippe Massonet speaks about the achievements made by the SPARTA project on cybersecurity certification
Publications
07.02.2024
Scientific publications
Xavier Lessage, Leandro Collier, Charles-Henry Bertrand Van Ouytse, Axel Legay, Saïd Mahmoudi and Philippe Massonet, Secure federated learning...
30.09.2022
Scientific communication
Product Incremental Security Risk Assessment using DevSecOps Practices. Sébastien Dupont, Artsiom Yautsiukhin, Guillaume Ginis, Giacomo Iadarola,...
31.05.2022
Scientific publications
Christophe Ponsard, Mounir Touzani, Valery Ramon, Méta-modèle des concepts et processus d’analyse des risques selon les normes de cybersécurité,...