CyResLab
ESI CEE, is a long-time partner of the Software Engineering Institute (SEI) and its CERT division (Computer Emergency Readiness Team) at the Carnegie Mellon University, USA, the CMMI Institute and many others.
In 2013 ESI CEE created the CyResLab in order to increase competitiveness of digital enterprises and the resilience of digital ecosystems by making available various resources and services, designed to aid IT, software and information security improvement.
The CyResLab team has expertise in various aspects of information security - cryptology, secure architectures, secure software development, threat modelling and others. Our laboratory has real-world experience in heterogeneous technologies and complex IT systems security, including, but not limited to: Endpoint security (Linux, Android, Windows), Server security (Linux), Application Security (PHP, .NET, JavaScript), Cryptography (Homomorphic encryption, Searchable encryption, etc.) and many others.
We strongly believe in a holistic approach to security, both in the cyber and physical domain. Our methodology is based on industry and government-recognized systematic approaches like the Resilience Management Model (RMM), the Capability Maturity Model Integration (CMMI) and their continuation for critical infrastructure - Cyber Resilience Review (CRR).
Our particular strengths
- Web security
- Cloud security (AWS, OpenStack)
- Secure DevOps (SecDevOps) - Ansible, Chef, Vagrant
- Linux server hardening
- Practical cryptography in software development and operations
- Mobile application security (iOS, Android)
- Secure application design
Our experience
Successful projects, completed by the laboratory include (limited further information available upon request):
- A security solution for ICS/SCADA systems, used in oil platforms
- IT security monitoring and improvement services for insurance and non-banking fintech companies
- International cyber shockwave exercises in energy domain
Our research topics
We are doing research in:
- Systems systems - research and analysis of the cyber-dependencies of different types of architectures, interoperability levels and vulnerability models of "aggregated" systems and processes;
- Investigation of ICS (SCADA), ERP - Classification of Types of Vulnerabilities and Threats;
- Cybersecurity and secure applications of block technologies