TIBER

TIBER-EU is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyber-attack.

The TIBER-EU framework have been adopted by the Danish National Bank and is currently aiming at all systemic important financial institutions (SIFI) in Denmark.

TIBER-EU is applicable to entities not only in the financial sector, but also in any other critical sector. We are currently experiencing an increased interest from other sectors such as telco, power, energy, insurance, and pension to adopt the TIBER framework over the coming years.

TIBER Improsec

A strategic key initiative

TIBER is a strategic key initiative for Improsec in 2019 and the years to come, and as such we have been preparing since the middle of 2018 – both through adding the right members to our team, and through acquiring a multiple of compliant certifications to ensure we have the right competencies on our team.

We have a fully compliant TIBER-DK Red Team, all employees are based in our office in Copenhagen, and we already have experience and great success working with the framework.

  • We are a team of specialists, focusing on technical Cyber Security, our Security Advisors are among the highest certified IT Security professionals in Denmark.

  • Our offensive capabilities in terms of attacking and compromising critical infrastructure, such as Active Directory and other Microsoft infrastructure are unmatched in Denmark.

  • All employees have a clean criminal record (verified regularly) and have been, or can be, security cleared according to NATO standards.

  • We enforce very strict data security and confidentiality principles during and after all engagements. All data collected during engagements will be destroyed following the conclusion of a customer engagement.

Our Red Team currently holds, but is not limited to, the following certifications (several certifications per team member):

  • Offensive Security Certified Expert (OSCE)

  • Offensive Security Certified Professional (OSCP)

  • eLearnSecurity Certified Penetration Tester eXtreme (eCPTX)

  • eLearnSecurity Web application Penetration Tester (eWPT)

  • eLearnSecurity Web application Penetration Tester eXtreme (eWPTX)

  • eLearnSecurity Mobile Application Penetration Tester (eMAPT)

  • Certified Red Team Professional (CRTP)

  • GIAC Certified Forensic Analyst (GCFA)

  • eLearnSecurity Certified Penetration Tester (eCPPTv2)

  • eLearnSecurity Certified Threat Hunting Professional (eCTHP)

  • SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

  • Certified Information Systems Security Professional (CISSP)

  • Microsoft Certified Solutions Expert (MCSE)

  • Microsoft Certified Solutions Associate (MCSA)

  • Certified Ethical Hacker (CEH)

  • Nordic Computer Forensics Investigator Certificate

  • INTERPOL Malware Analysis- INTERPOL Darknet & Cryptocurrencies

Contact

For further information, please contact COO and partner Claus Vesthammer: (+45) 3131 9963 / [email protected]

References

http://www.nationalbanken.dk/en/financialstability/Operational/Pages/TIBER-DK-and-implementation-guide.aspx

https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html