Tuesday, May 25, 2010

atsec is 7 years old

We celebrated 7 years as a US corporation yesterday. :)

When I started with atsec we were in the process of our first accreditation in the US. Of course we already had the experience of becoming a lab in Germany with BSI, but boy, the US was a whole other kettle of fish! The prospect of the first NVLAP audits seemed quite daunting, and as we designed a quality system that could be expanded to meet the future needs of atsec, we learned a lot.

Now we have a rather complex quality manual, covering a whole host of organizations and people that want to be sure that we do what we say and say what we do. They include NVLAP, CCEVS, CMVP, our ISO 9001 and ISO/IEC 27001 auditors, and the PCI Security Standards Council. Add to that our numerous internal audits and you can see that being the subject of an audit is no strange thing to us nowadays.

What's the point of this talk about quality manuals and audits? Well, today we announce a collaboration with Criteria Labs. I'm excited by this as it means that we can potentially gain many more exciting projects. I will be happy to see Steve Weingart at last have the opportunity to do some in-depth physical security work again and to hear the technical conversations with Helmut Kurth and others as they investigate the endless possibilities for vulnerabilities and even real attacks on hardware. I'm happy that at last we have the (expensive) facilities to cover hardware projects ourselves with the same depth and expertise as we do software projects.

Security is a global and holistic problem. It's not really about quality manuals, audits and assessments, though I know they are a tangible way of demonstrating that we are a competent lab. Security is about thinking outside the box and being ready for anything.

Fiona Pattinson
