VEGA Secure Systems (VSS) creates solutions to support our clients in the development of secure IT systems, particularly those with external internet access.
Understanding that technology is an essential business enabler and effective security management is a living process, VEGA combines proven methodology with skills and experience that are kept up-to-date and relevant, providing ongoing assurance that will assist in managing organisational risk.
Our VSS team offers full secure design services to our clients, whether for a new system or as part of a heritage system review. VEGA's full secure systems service includes:
Technical Vulnerability Testing
Penetration testing, or vulnerability assessment as it is sometimes known, uses both commercial and free tools to discover weak points in an organisation's security armour that an attacker could exploit, to whatever end. The aim is to strengthen the security posture of the organisation by identifying vulnerabilities and threats, so that risks can be assessed and addressed within the business framework.
CHECK
The Communications Electronics Security Group (CESG) provides IT Security Health Checks (ITSHCs) to Her Majesty’s Government (HMG) and Critical National Infrastructure (CNI) agencies for protectively marked systems. The CHECK scheme was developed in response to the increase in demand for these ITSHCs. As a consequence, a partnership between CESG and private industry was formed, which permits commercial organisations to carry out ITSHCs on HMG and CNI systems processing protectively marked data, up to and including CONFIDENTIAL.
SCADA (Supervisory Control and Data Acquisition)
VEGA recognises that SCADA systems were designed for reliability and operability, with little or no emphasis on security. Consequently, they are vulnerable to ‘attack’. Many systems have evolved from isolated, centrally controlled systems to modern distributed networks with more potential for public access, using internet technology and common operating systems. Subsequent de-regulation and interconnections between utilities have made these systems more accessible.
Secure Gateways & Portals
For years, VEGA has been providing system design and security advice to the most secure and sensitive parts of Government. We produce designs and configurations to mitigate risks from the most dangerous threats, and we do so as an independent programme and systems assurance company, without affiliation to any specific product, and with a solid foundation built on providing proven security assurance at the very highest levels.
Application Testing
VEGA offers a complete application-level vulnerability assessment geared towards internet business interactions. This is not limited to the primary web-facing fabric: the back-end support systems are also tested to a degree commensurate with the threat.
Software Validation
For security-enforcing and security-relevant functionality that is implemented in software, VEGA is experienced in offering assurance services which can be used to increase the strength of mechanism and/or the assurance associated with a specific function.
ITSEC and Common Criteria
The Information Technology Security Evaluation Criteria (ITSEC) are European-developed criteria that aim to independently test the security features of a product to identify logical vulnerabilities. The scheme offers different depths of analysis in order to offer appropriate degrees of assurance; under the scheme these are known as Assurance Levels. Certificates are issued by the Scheme for products meeting the requirements for a claimed level of assurance. ITSEC is recognised throughout Europe.
Architecture and Design
VEGA offers a mix of technical assurance services intended to be used as security support services for the through-life management of networks. VEGA also provides these services in the design and synthesis phases of programs, so that clients have security designed in from project inception. Depending on the market sector and the security assurance levels required, secure architectures are proposed which are commensurate with the threat profile, whilst maintaining an optimal balance of COTS/MOTS product for cost effectiveness. Network fabric and architecture are proposed which are capable of being security certified to a number of security baselines, including BS7799, which is becoming increasingly important in the statutory legal compliance of client business activity. VEGA also offers CLAS & CHECK services.
DIAN08
Defence Information Assurance Notice (DIAN) 8 is now written into MoD policy as a candidate method providing traceability from business requirement down to technical architecture. At the technical architecture level, DIAN 8 allows threat paths to be identified and therefore countered, giving the security analyst the assurance that threats have been addressed.
Lockdown
Application and Operating System lockdown, also known as “hardening”, is the reduction of features and services within a program to the bare minimum needed to support effective business activity in a secure manner.
Contact us to find out more about Secure Systems