TrustPort, a.s.   Czech Republic

Profile

TrustPort is a security solutions developing company from the heart of Europe. Our mission is to secure and protect the data and the communications of our customers all around the globe. We provide tools to protect against known and unknown threats, for both home users and large enterprises as well as security services. Our security solutions are comprehensive products which include continuously developed antivirus and encryption technologies, anti-spam methods and anomaly behaviour monitoring AI techniques. We develop them with the outstanding know how of our experienced analysts and the newest cutting edge technologies and methods. With our products, your computer, or your whole company network, will be secured and protected against all modern cyber threats.

TrustPort brings into AQUAS its strong experience in security areas mainly focusing on assessment of security requirements for ensuring safety, performance and security of validated systems. We have strong experience in security services, such as penetration tests, security and compliance audits based on various standards (ISO 27000 family, ISA/IEC 62443, NERC CIP 002-009, NIST Guide to ICS Security, etc.) and wide internal know-how. Our specialized tools provide deep analysis of operating systems and communication between systems based on artificial intelligence.

TrustPort within the Czech consortium will exploit its rich expertise in malware detection, ICS and SCADA security, network behaviour analysis, SIEM (security information and event management), as well as methods for development of secure systems (such as SSDLC) ensuring the presence of security factor from the very beginning of SW lifecycle.

Relevant expertise

Participating in and leading various IT security projects like

  • Anti spam,
  • Project developed for National Security Authority with the aim to research proprietary implementation of asymmetric encryption algorithms based on the cryptographic method of elliptic curve algorithms. Target was to implement faster version of the elliptic curve algorithm and to propose adequate available HW smart card with crypto chip,
  • Implementation of complex documentation based on certification authority for pilot project of Ministry of Defence and Armed Forces of the Czech Republic,
  • Security consultancy and documentation base for banking, facility and government sectors.

Used standards and guideline

  • NIST SP 800-53 – source for security and privacy requirements;
  • NIST SP 800-64 – one of the approach to SSDLC;
  • ISO 27034 – framework for ensuring the security during PLC;
  • ISO 27001 family – source of best practice and security and privacy requirements;
  • OWASP ASVS – source for security and privacy requirements and verification use cases

Main tasks

  • WP2 – TrustPort will contribute to the study of requirements with an emphasis on the needs for analysis and assessment in WP3 and WP4. We will build our work on focusing on security aspects of individual Use Cases.
  • WP3 – TrustPort’s main task is to participate in design and improving of the methodology, on design definition and revision of security requirements. Then test and assess the implemented requirements during the safety and security verification phase.
  • WP4 task is to develop SW Tool implementing Secure Software Development Life Cycle (SSDLC) principles  for security verification compliance of AQUAS Design tooling in individual Tasks. TrustPort plans to implement an own methodology how to deliver security into software development lifecycle. Our methodology is based on proven security standards (such as NIST 800-53, OWASP ASVS, ISO/IEC 27034) and practice with system development and realization in security projects throughout the whole system life cycle (audits and analysis, penetration tests and security assessment, implementation of security controls and technologies).
  • WP5 – TrustPort will contribute to dissemination by using its existing client and tool user basis. Together with partner Brno University of Technology present project’s results in electronic media and on a conferences.