How do we acquire high assurance?
That something is “secure" is a trait that is becoming increasingly desirable. How nice would it not be to be able to trust security fully in all the technology that our systems require? Security requirements are constantly rising. What do you do in systems where it must never go wrong, when it really must be secure? It is difficult to measure security - this is the reason why we prefer to talk about assurance, rather than security.
Why do we talk about assurance rather than security?
Although it is possible to define what you want for a given situation, for example 'It should not be possible to hack the network!', security is almost impossible to verify. There are no absolute methods that can extract a value and place it on a scale of what the security level is for a particular technical gadget. So, both stating requirements on security and measuring it is difficult. That it is difficult to measure security is the reason why we prefer to talk about assurance, rather than security.
How do you define assurance?
Advenica uses the following definition: “Assurance in security means the degree of confidence that a product or system correctly performs its required security functions and that they cannot be circumvented.”
Assurance is not an absolute feature either, but it shifts the discussion to something that you can actively act on. For example, what activities and methods have been used to increase the likelihood that the security product will behave securely? These can be methods for defining security requirements, choice of architecture, design choice and quality assurance methods.
In recent times, it has also proved important to look beyond the design and consider the risks in the manufacturing of the security product. In addition to activities under development and manufacturing, the assurance needs to be maintained after a security product has been distributed. As a respected security company, it is natural that you continuously monitor the outside world and inform your customers if the security, or the assurance, is affected in the delivered solutions if weaknesses are found or when trust in some technology is changed.
What we can offer
Advenica offers solutions for cybersecurity that meet the very highest security requirements. We analyse, design and implement security solutions that prevent intrusion, data leakage and manipulation of information worthy of protection. We control every step from design to aftermarket to ensure high assurance. Read more about how we can help you with your cybersecurity solutions here!
You can also read more about our product development with high assurance in our Whitepaper "High Assurance Product Development".
To learn more about assurance, read our know-how!