ObjectSecurity’s services range from high-level tasks such as security architecture and analysis, assessment and testing, as well as policy, down to the implementation of security technologies. We can help you close the loop between business and IT security and to implement security relevant regulations, processes and frameworks across your IT.
In particular, we offer leading services, R&D, solutions and training related to information security, esp. related to security policy management and implementation (incl. “model-driven security”), access control, cloud security, SOA security, middleware security. Additional services include model-driven requirements engineering, and court technical expert witness.
Our successful track record with many large blue-chip companies and government organizations underscores our strong expertise and our ability to handle complex security requirements in very demanding IT environments. Projects span numerous mission-critical industries (incl. government, aerospace, defense, manufacturing, finance, telecom, and more).
ObjectSecurity’s highly experienced and qualified security experts hold advanced degrees (PhDs/Master’s) in information security, each have over 15 years of experience in the field, and are renowned visionaries in the area of “model-driven security” and cloud security.
- Model-Driven Security, including agile application security policy automation (esp. access control, audit) and agile information assurance accreditation automation. Roadmapping, design, architecture, implementation, assessment, consulting, training, R&D
- Fine-Grained Application Access Control, including access control policy architecture, design, implantation, automation, review/assessment; using various technologies, incl. OpenPMF and XACML.
- Security Ontologies, including security policy ontologies, privacy ontologies, incident/threat/malware ontologies, attack tree analysis ontologies etc.
- Application Security, including “model-driven security”, secure application construction/integration, application security architecture, platform selection / deployment, security assessment, development tool/methodology security
- Information Assurance Accreditation Automation, using model-driven security approaches, e.g. Common Criteria for government SOA/Cloud/widgets
- Middleware Security, including “model-driven security”, middleware security architecture, middleware security features selection, implementation, deployment, security assessment, development tool/methodology security, technical support (e.g. MICO)
- Cloud Security, including security roadmap definition, security architecture, security assessment, PaaS security policy automation, compliance automation. ObjectSecurity’s CEO Dr. Ulrich Lang is on the board of Cloud Security Alliance (Silicon Valley Chapter).
- Service Oriented Architecture (SOA) Security, including security roadmap definition, security architecture, security assessment
- Embedded Systems Security, including architecture, design, implementation, development tool/methodology security.
- Enterprise Information Security Policy, including standards assessment, risk analysis, controls selection and implementation architecture , Security Management System (SMS) development and review.
- Application Layer Firewalls, including risk assessment, selection, implementation, incident reporting/auditing
- Social Network Platform Security, including risk assessment, architecture, design, implementation, review.
- Security Training Workshops, tailor-made or general purpose
- Contract R&D, including government funded disruptive R&D (EU FPx, US SBIRs), contract studies, emerging technology analyses etc.
- Model-Driven Requirements Engineering, including model-driven requirements engineering tool architecture, tool design, tool implementation, methodology, requirements engineering.
Technical Expert Witness for software copyright or patent litigation, including consulting technical expert and testifying technical expert witness (credentials: PhD University of Cambridge, MSc, 15 years in industry, experience being technical expert witness)
Semantic Wiki Technologies, including semantic wiki technologes for security and non-security purposes