Itrust consulting


itrust consulting s.à r.l., a 16-year-old, recognized actor in Luxembourg’s and Europe’s Information Security field, certified according to ISO/IEC 27001, consults its customers coming from public, financial, and private sector to protect their information against divulgation, manipulations and unavailability. The company acquires know-how in engineering and sciences, enabling it to find the economically appropriate solution for a specific security requirement. It applies and develops research projects, norms, security controls and information processing techniques, covering topics such as information security management systems, risk management, business continuity management, incident management, digital signature, cryptology, network security, internet security, critical infrastructure protection, space, computer forensic, etc.


Consulting services, sourcing and innovation studies

Management and guidance of security projects. Critical Infrastructure protection. Technology integration and assistance (PKI, VoIP, virtualisation, etc.). Risk analysis (TRICK Service™). Forensic and malware analysis. Personal data protection, Data Privacy Impact Assessment (DPIA) following GDPR. Assistance to CISO and DPO. Managerial monitoring of security issues. Incident response team.


CERT services (e.g., SIEM, penetration testing and vulnerability assessment of hardware (network, server mobile devices, smart cards, firmware), software, web applications, and access security).

Organizational audit

ISO 2700x. ISO 20000. ISO 27799. IEC 62443. Business referentials (PSF, PSDC). Legal referential (EU directives, grand-ducal regulations, CSSF). Protection of personal data (CNPD).

Technical audit

Code review (OWASP, SANS, etc.). Equipment configuration review. Critical Infrastructure, SCADA. Wireless infrastructure. Data Protection. PCI-DSS. ISO 15408 (Common Criteria). CSSF Compliance. EuroPriSe. CNPD compliance.

Elaboration of security tools & services

TRICK Service™ (risk assessment)

TRICK Cockpit (real-time risk monitoring)

ESA ECSS compatible requirements engineering and software validation tool

LASP: provide assurance to location services that locations indicated are trustworthy.

Training services

Introduction and practical advice to comply with GDPR – Data Privacy; GDPR foundation certification – principles, legal framework and compliance; Data Protection Officer (DPO) – certified; ISO/IEC 270xx workshop; Risk Manager certified for DPIA (guided by ISO/IEC 27005); ISO/IEC 270xx workshop; Lead Implementer ISO/IEC 27001 – certified; ISMS Lead Auditor ISO/IEC 27001 – certified; PSDC – eArchiving training session; Security awareness 4 your employees; etc.


TRICK Tester (penetration testing platform); Galileo receiver; GPS repeater; Requirements engineering and software validation tool designed to include support for ESA ECSS: based on open standards and architectures, it provides advanced traceability features and enables dynamic linking of artefacts produced in heterogeneous environments (e.g. diagrams, source code, test cases); Expertise in design and development of simulation tools for modelling classical/quantum systems and communication channel properties, e.g. in ground and space setups for quantum key distribution.


EU institutions, national public administrations, private service providers, critical infrastructure providers, e.g. energy distributors, ESA, etc.


itrust consulting has a strong track record in managing nationally funded projects such as CELTIC Bugyo Beyond on Security Assurance, ITEA2 Diamonds on Security testing, SGL-Cockpit on risk monitoring of critical infrastructures, and CELTIC CRITISEC. Moreover, itrust has experience in multiple EU projects, e.g., iGOing, LiveLine, CockpitCI, ATENA, TReSPASS, bIoTope (H2020), and ESA projects, e.g., LASP, QUARTZ, LuxQCI, Lux4QCI and EAGLE-1.

Within the framework of IPCEI-CIS[1], the call for projects of the Luxembourg Ministry of the Economy, and as part of the CLAUSEN[2] consortium to create an open cybersecurity data economy, itrust consulting, together with itrust Abstractions Lab, contribute with their joint CyFORT[3] project by designing and developing several tools, such as IDPS-ESCAPE[4] (open-source cloud-oriented SIEM and IDS, powered by state-of-the-art machine learning), SATRAP-DL[5] (threat-intelligence-related activities) and C5-DEC[6] (involving Common Criteria, cryptography and security analysis of cyber-physical system).


[1] Important Project of Common European Interest – Cloud Infrastructures and Services

[2] Cloud & data security resource centre

[3] Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience

[4] Intrusion Detection and Prevention Systems for Evading Supply Chain Attacks and Post-compromise Effects

[5] Semi-Automated Threat Reconnaissance and Analysis Powered by Description Logics

[6] Common Criteria for Cybersecurity, Crypto, Clouds – Design Evaluation and Certification



Last update