itrust consulting s.à r.l., a 13-years-old, recognized actor in Luxembourg’s and Europe’s Information Security field, certified according to ISO/IEC 27001, consults its customers coming from public, financial, and private sector to protect their information against divulgation, manipulations and unavailability. The company acquires know-how in engineering and sciences, enabling it to find the economically appropriate solution for a specific security requirement. It applies and develops research projects, norms, security controls and information processing techniques, covering topics such as information security management systems, risk management, business continuity management, incident management, digital signature, cryptology, network security, internet security, critical infrastructure protection, space, computer forensic, etc.
PRODUCTS & SERVICES
Consulting services, sourcing and innovation studies
Management and guidance of security projects. Critical Infrastructure protection. Technology integration and assistance (PKI, VoIP, virtualisation, etc.). Risk analysis (TRICK Service™). Forensic and malware analysis. Personal data protection, Data Privacy Impact Assessment (DPIA) following GDPR. Assistance to CISO and Data Privacy officer. Managerial monitoring of security issues. Incident response team.
Penetration testing and vulnerability assessment of hardware (network, server mobile devices, smart cards, firmware), software, web applications, and access security.
ISO 2700x. ISO 20000. ISO 27799. IEC 62443. Business referentials (PSF, PSDC). Legal referential (EU directives, grand-ducal regulations, CSSF). Protection of personal data (CNPD).
Code review (OWASP, SANS, etc.). Equipment configuration review. Critical Infrastructure, SCADA. Wireless infrastructure. Data Protection. PCI-DSS. ISO 15408 (Common Criteria). CSSF Compliance. EuroPriSe. CNPD compliance.
Elaboration of security tools & services
LASP: provide assurance to location services that locations indicated are trustworthy. TRICK Service™ (risk assessment). TRICK Cockpit (real-time risk monitoring).
Introduction and practical advice to comply with GDPR – Data Privacy; GDPR foundation certification – principles, legal framework and compliance; Data Protection Officer (DPO) – certified; Risk Manager certified for DPIA (guided by ISO/IEC 27005); ISO/IEC 270xx workshop; Lead Implementer ISO/IEC 27001 – certified; ISMS Lead Auditor ISO/IEC 27001 – certified; PSDC – eArchiving training session; Security awareness 4 your employees; etc.
TRICK Tester (penetration testing platform); Galileo receiver; GPS repeater; Requirements engineering and software validation tool designed to include support for ESA ECSS: based on open standards and architectures, it provides advanced traceability features and enables dynamic linking of artefacts produced in heterogeneous environments (e.g. diagrams, source code, test cases); Expertise in design and development of simulation tools for modelling classical/quantum systems and communication channel properties, e.g. in ground and space setups for quantum key distribution.
EU institutions, financial service providers, critical infrastructure providers, e.g. energy distributors, ESA, Lux. Ministries, etc.
MAJOR SPACE PROJECTS
CRITISEC project: developing security products, services and standards for edge networks in critical infrastructures. itrust consulting develops an intrusion detection system (IDS) and tailors it to an IoT environment. In the context of space ICT, both ground and space segments would be natural candidates for such IDS tools.
QUARTZ project: aims to develop a satellite-based quantum key distribution (QKD) service to distribute cryptographic keys to end users via satellite optical links. itrust consulting has a major role in the secure design of the ground station system components. QKD leverages principles of quantum mechanics to provide keys that remain secure even in the face of growing threats to the current cryptographic ecosystem, such as quantum computing.
H2020: bIoTope: creating a SoS platform for connected smart objects (IoT).
ATENA: Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures.
CIPS SPARC project: The Space Awareness for Critical Infrastructure project analysed space phenomena as threats for Critical Infrastructures.
ESA LASP project: Localisation assurance service provider. Software/service to verify/certify the user’s location. This service was developed in partnership with ESA & the Lux. Uni.
LuxLAUNCH projects (opportunity studies - Galileo applications): Applications and Services on Broadband handheld devices. Standards, specifications & processes for space.