|
|
Working with our Customers:
|
|
The Retirement of Common Criteria in the High Assurance World
|
Not only is a Common Criteria evaluation time, cost and resource intensive, but a certified Target of Evaluation (TOE) does not guarantee security - it simply demonstrates suitable mitigations have been implemented to protect against a specific threat, and provides a snapshot of the security at the time of evaluation; it might not be capable of resisting future attack vectors or different threats. New evaluation models are emerging that focus on close collaboration between developers and evaluators from the very beginning of the lifecycle - an agile approach to evaluation. This creates more balanced, pragmatic and ultimately more effective assurance. Nexor has been working with a number of key influencers in the evaluation world to support this new thinking. We also continue to build on our 20 year investment in robust development processes to maintain state-of-the-art capability.
|
|
European Defence Agency Information Exchange Gateway Study
|
Further to a full competitive procurement exercise, Nexor was awarded a contract by the European Defence Agency (EDA) to conduct a study into information exchange requirements between various levels of the deployed EDA command structure and its partners. Nexor is priming the in depth investigation, with CSC Germany providing support in specialist areas.
|
|
Enhanced ISTAR Gateway
Contact Nexor on info [at] nexor [dot] com (subject: Enhanced ISTAR Gateway) for more details.
|
Further to successful trials at Empire Challenge 2009 (EC09), the Nexor ISTAR Gateway made a return visit to EC10, this time with the added capability to check full motion video clips, still images and track data. In summary, the gateway enforces security policy at the domain boundary. A Nexor Data Diode guarantees one way transfer of information from a lower classified domain, for example Restricted, into a higher classified domain such as Mission Secret. The diode ensures that no information flows back from high to low. The information that flows from low to high is controlled using Nexor data guards, which can check a variety of contents.
|
|
Niteworks Cross Domain Services Governance Quicklook
|
A recent Niteworks study tackled the defence challenge “what would be the optimal approach for MOD to manage Cross Domain Services?” Nexor took a leading role in this work that considered process, role, governance, funding, organisational, integration and industry issues associated with the introduction of Cross Domain Services to heighten CIO-J6 awareness.
|
|
Other news in brief:
|
-
Nexor is implementing a comprehensive border security solution to a UK agency including appliance-based guards and gateways with training and professional services.
-
Sentinel 3 is under-going a detailed security assessment by a major national government agency.
-
Sentinel 2 continues to roll out into NATO with two new shipments.
-
Two military messaging implementation projects in central and eastern Europe are nearing completion.
|
 |
|
|
|
|
|
High Assurance Guarding in a Federated Environment
If you would like to hear more on this subject send a request to info [at] nexor [dot] com (subject: High Assurance Guarding in a Federated Environment ) .
|
Nexor was well-received at the NATO IA symposium where the team ran a workshop debating the challenges, characteristics and interface requirements for implementing High Assurance Guards in a federated environment.
|
|
Secure Development Article Gains European Audience
Click here to access the original article and here to access the German translation. |
An article entitled Secure by Design, by Andrew Kays, Nexor’s Head of Research and Technology, has been translated and published in Germany by SecuritySearch.de. Originally published in Computer Weekly, the article explores the importance of building security into the design of information technology from the early stages of a system’s development cycle.
|
|
Information Assurance in the Cloud
If you would like to hear more on this subject send a request to info [at] nexor [dot] com (subject: Information Assurance in the Cloud) .
|
A thought provoking presentation on the subject of cloud computing was delivered by Technical Architect, Tony Roadknight, at both Technet International and during a workshop at the European Defence Agency. By comparing previous computing models with the cloud model, the new and different challenges posed by cloud computing from an Information Assurance perspective were explored.
|
|
|
|
|
|
|
|
Nexor Data Diode
|
In the complex world of shared intelligence, data diodes play an important role. Designed to protect two networks of differing classifications, the Nexor Data Diode offers a unique, hardware-based one-way communication path thereby guaranteeing no leakage back to the originating domain.
|
|
COTS Capability for the Medium Assurance Market
|
“Industrial strength information assurance for a broad market of security conscious customers” is how Wayne Philips, Microsoft’s Director Worldwide Defence Solutions describes Nexor Watchman for Microsoft’s Forefront Unified Access Gateway (UAG). This innovative new solution for the Medium Assurance market launched at the Microsoft Global Summit in Atlanta in July.
|
|
XML Schema Checking in Sentinel 3
|
Sentinel 3, our SELinux based high assurance mailguard now supports validation of schemas for XML attachments. Multiple schemas can be loaded into Sentinel, which will verify that any attachment identified as XML conforms to one of the configured schemas.
|
|
|
|
|
|
|
|
First to Achieve TickITplus Certification
|
In December 2010, Nexor became the first UK company to be awarded TickITplus certification as a result of a transition assessment by the external certifying body, LRQA (Lloyds Register Quality Assurance). This is an achievement that further demonstrates Nexor’s commitment to business professionalism and shows that Small and Medium Enterprises (SMEs) can lead the way in process maturity.
|
|
And, First to Achieve Intellect Business Professional Certificate
|
 On behalf of Nexor, Steve Kingan (CEO) and Irene Dovey (Business Improvement Manager) received the first Intellect Business Professional Certificate from John Higgins CBE, director general of Intellect. A recognised mark of quality and professionalism, the Intellect Business Professional Certificate was created by business people, including staff from Nexor, who are already creating and sharing best practice and who are motivated to improve standards and ultimately the reputation of the industry.
|
|
Microsoft Secure Development Lifecycle Boosts Best Practice
|
As part of the continuous improvement in best security practice, all Nexor developers have been further trained in threat analysis techniques by Microsoft Secure Development experts. The Nexor development lifecycle is being continually updated to ensure it utilises Industry best practice techniques.
|
|
Corporate Information Security Awareness
|
Government data loss issues reported in the press serve to highlight the importance of regular and effective staff training in security awareness to prevent such incidents. In line with our commitment to ISO27001, Nexor has run a refresher training course for all staff in corporate security awareness.
|
|
|
|
|
|
|
|
This year, we will be present at:
|
|
HOSDB: |
22 – 24 March |
|
Defence IT 2011: |
13 – 14 April |
|
Counter Terror Expo 2011: |
19 – 20 April |
|
IA11: |
28 – 29 June |
|
DSEi: |
13 – 16 September |
|
NATO IA: |
19 – 23 September |
|
Technet International: |
19 – 21 October |
|
Watch our web-site for more details of our presentations and workshops
www.nexor.com |
