From 14 to 18 October 2019, Dr Carlo Harpes participated in the ISO/IEC JTC 1/SC 27 ‘IT Security Techniques’ subcommittee meeting in Paris, as a part of the Luxembourgish delegation.
Posts By: Ingo Senft
Dr Carlo Harpes, Managing Director and founder of itrust consulting awarded with the ‘National Standards Delegate’ trophy
On 11 October 2019, ILNAS, in collaboration with the University of Luxembourg (Uni.lu), organized an information session to celebrate the 50th World Standardization Day.This event provided participants with an overview of the normative developments carried out within the framework of the national normative strategy 2010-2020 and the normative perspectives for the next decade.The award ceremony for the “National Standards Delegate” trophy was then held. This year, Dr. Jean-Philippe Humbert had the honor of awarding this prize to Dr. Carlo Harpes, Managing Director at itrust consulting Sàrl for his important contribution to technical standardization in the Grand Duchy of Luxembourg. Among other things, he represented Luxembourg in various plenary meetings of European and international organizations, led the creation of Luxembourg commentaries and was editor of normative documents.
Open TRICK
OpenTRICK is a general-purpose risk management tool conceived, developed and maintained by itrust consulting. It offers a wide range of features such as multi-user support, quantitative and qualitative analysis of risk scenarios, maturity assessment, access controls, import/export in Word or Excel, synchronisation with ticketing systems such as Redmine, JIRA, KIX… versioning of risk analysis, definition of risk profiles, embedding of own security control catalogues (such as DORA, GDPR, ENISA Security Objectif promoted by ILR for self-assessment, or international standards such as 22301, 27001, 27001, 27701, IEC62443, and PCI-DSS, using these catalogue for Risk treatment based on parametrization and estimation of ROSI and all these features support efficient risk management. It comes with a methodology (e.g. risk criteria definition) and a risk process compliant to 27001, 27005 and taking into account regulator-specific requirements such as those defined by CSSF and ILR. Covering the needs of historic customers including critical infrastructure, OpenTRICK is compatible to the SERIMA risk assessment module and can export the information in the json format based on a csv file mapping of the asset and risk name used by the customer to the corresponding names defined by the regulator. As an integral part of OpenTRICK, TRICK Cockpit is the real-time risk monitoring instrument, designed to monitor the cyber security aspects of intelligent smart metering, and on other critical infrastructure, e.g. water distribution networks. It combines security risk analyses with real-time measurable elements on the operational infrastructure, and it provides a central security management and supervision system. Typical measurement elements are alerts generated by firewall systems, incoming file scanning results, integrity of equipment configuration files, comparison of versions of installed programs with the list of latest versions considered secure, traffic analysis on certain networks. To this end, the infrastructure will be modelled as components and security measures (described according to recognized standards such as ISO/IEC 27002, and inspired by ISO/IEC 27004, indicators to evaluate the proper functioning of safety measures…). The risk evolution module can used by an organization to compare risk parameters over the years, used by a regulator to compare different regulated entities, or a group to display the result of different subsidiaries. As OpenTRICK is open source, it can be easily installed and maintained by the customer and all customers data transferred from the itrust hosted platform app.trickservice.com to the customer platform. This step is recommended as soon as parameters should be updated based on inputs from internal… Read more »
Thank you, Europe!
At the occasion of Europe’s Day, itrust consulting would like to thank the European Union, pointing out that 70 % of recruited employees since its foundation in 2007, are EU citizens, excluding the Luxembourgish citizens.Over the years itrust consulting has benefited significantly from the European Research & Development programs (FP7, H2020, ESA): itrust’s participation in Liveline, LASP, MICIE, SPARC, CockpitCI, iGoing, TRESsPASS, bIoTope, ATENA was funded with 2 million Euros.Furthermore, a turnover of more than 4 million Euros came from our consulting services towards European institutions.Without the European Union, our growth and quality of service would not have been possible.Happy Europe Day!
Your status on GDPR compliance?
More and more companies, including small organisation and ASBLs, have demonstrated compliance to GDPR . This is far easier to achieve than generally thought.itrust consulting has recently updated its service offer:GDPR templates: € 100 per language version to be filled in by yourself;A tailored ‘privacy statement for ASBL’ for fixed price of € 100:Send us your logo, statutes, website, and contact data. We will call you for a discussion on your current practices such as enrolment process, use of pictures of events… after which we will send a draft privacy declaration to be published on your website after review and addition of specific aspects;An introduction to GDPR: 1-day training at € 500 per participant (incl. licence to use the GDPR templates);Specialized GDPR training: 2 days on ‘Foundations of the GDPR’ (incl. exam) + 3 days on the role of DPO (incl. exam);GDPR support services: pay per day;DPOaaS: typically 2-5 days per year external support as Data Protection Officer.We are prepared and eager to support you!For more details, check our GDPR service offer description