Introducing

atsec information security

Helmut Kurth, Sal la Pietra and Staffan Persson

© atsec information security, 2009

Who are we?
ƒ atsec information security is an
independent, standards-based IT
(information technology) security consulting,
testing and evaluation services company
with:
– a business-oriented approach to
information security
– in-depth technical knowledge and global
experience

© atsec information security, 2009 2

Foundations
ƒ The company was founded in January 2000 by
three internationally-recognized IT security
professionals:
– Helmut Kurth, Sal La Pietra, and Staffan Persson
ƒ Sharing a passion for IT security and confident
that a company focused solely on providing
information security services would be successful,
they financed the new business themselves.

© atsec information security, 2009 3

atsec’s business principles
ƒ We know the business
ƒ atsec knows the worldwide information security
consulting business very well. With a multinational
staff, it is only natural that we feel comfortable
operating internationally. We are a company with
global reach.
ƒ We act with integrity
ƒ Information security consulting and evaluation is a
high-integrity business, and very much a matter of
trust. All atsec employees are committed to
sustaining the highest degree of integrity in our
client relationships. We are devoted to delivering
the highest quality in a timely manner.

© atsec information security, 2009 4

atsec’s business principles
ƒ We stay focused
ƒ atsec consultants are information security
consultants. As such atsec focuses solely on
information security consulting. We do not consult
in any other areas, and we do not sell hardware,
software, or any other ware.
ƒ We are independent
ƒ atsec is an employee-owned company. We are not
affiliated with any hardware or software vendor,
and we never will be. Our credibility as consultants
hinges on that independence. Our customers can
rely on us to be objective. We have no interest in
selling anything other than our security expertise.

© atsec information security, 2009 5

Our services
ƒ We provide service in all IT security areas
– Compliance and Audit
– Evaluation, Testing and Assessment
– Consulting and Training
– Customized Services

© atsec information security, 2009 6

Compliance and audit
ƒ atsec’s consultants work with organizations to
implement and integrate compliance requirements
into one efficient and effective management
system.
– ISO/IEC 27001
– SOX
– FISMA
– HIPAA
– Digital Signature Compliance

© atsec information security, 2009 7

Evaluation, testing and
assessment
ƒ atsec’s world-renowned testing laboratories offer formal
testing in several international certification schemes.
– Common Criteria in Germany, U.S. and Sweden
– Cryptographic module testing to FIPS 140-2
– Cryptographic algorithm testing
– Security Content Automation Protocol (SCAP)
– Personal Identity Verification Program (NPIVP) Testing
– GSA Personal Identity Verification Testing (FIPS 201)
– Payment Card Industry: Qualified Security Assessor
– Payment Card Industry: Approved Scanning Vendor
– Payment Card Industry: Payment Application QSA

© atsec information security, 2009 8

Consulting and training
ƒ atsec consultants have longstanding expertise in
IT security consulting. We regularly offer these
services.
– Penetration Testing
– Embedded Systems
– Vendor Test Data Report for GSA FIPS 201
– Voting System Testing and Analysis
– Training

© atsec information security, 2009 9

Versatility
ƒ Our “basket of security experts” allows us to offer
true expert consultancy and not just production
line service.
ƒ We offer customized services and combine them
in ways that help customers gain the assurance
that they need. For example
– National accreditation scheme development
– Cryptographic export control regulations
– Integrated management systems
ƒ We regularly open offices and developed new
services because that is what our customers need.

© atsec information security, 2009 10

Why are we different?
ƒ We are leaders with many global leaders of IT
security in our “basket”.
ƒ We take time to understand your problems and
use that knowledge to innovate and design
solutions that give satisfaction.
ƒ Quality: We are ISO 9001 and ISO/IEC 27001
certified ourselves.
ƒ We understand that being on time can make all
the difference.
ƒ We are independent of external influences, from
finance to “partnerships” with product vendors.

© atsec information security, 2009 11

Confidence in atsec
ƒ We offer gratitude to the many companies, large
and small, who help make atsec thrive and trust
us with their IT security and assurance needs.
Including…

© atsec information security, 2009 12