You want friendly software?

Cybersecurity as a Friend

Keeping employees and customers safe from the risks of a cyber attack is now a responsibility. Physical security, management of sensitive information, Business Continuity are just some of the risks that can be contained by our Method.

Friends protect each other, and this is what we do: we help companies to ensure their values over time, building doors ready to open to welcome guests but well closed to reject those who are not welcome.


A friend takes care of
your safety

Cybersecurity means

  • Complying with all safety regulations (see regulations)
  • Implementing a Cybersecurity Strategy
  • Ensuring the safety of employees and customers (Safety)
  • Protecting industrial plants and systems (IT/OT Security)
  • Ensuring Business Continuity (productivity)
  • Defending sensitive and personal data
  • Protecting the company's reputation

A friend makes you
open your eyes

Underestimating risk is more comfortable...

My company's small, it's not going to suffer cyber attacks.

Safety and Security: the definitions

Safety: Freedom from risks that are not tolerable. Safety protects people from "things", i.e. from accidental events related to the environment around us.

Security: The condition in which a system's resources are free from unauthorized access and from unauthorized or accidental modification, destruction or loss. Security protects "things" (data, goods, ...) from people, that is, from deliberate actions of a malicious nature.


The regulatory environment

Essential health and safety requirements

1.1 - General considerations / 1.1.2 - Principles of security integration
(c) When designing and constructing machinery and when drafting the instructions, the manufacturer or his authorised representative must take into account not only the intended use of the machinery but also reasonably foreseeable misuse.

1.2 - Control systems / 1.2.1 - Safety and reliability of control systems
Control systems must be designed and constructed in such a way as to prevent the occurrence of hazardous situations. In any case, they must be designed and constructed in such a way that:

  • a failure in the hardware or software of the control system does not create dangerous situations,
  • errors in the control system logic do not create dangerous situations.

The following require particular attention:

  • the machinery must not start unexpectedly,
  • the parameters of the machinery must not change uncontrollably, where such a change may lead to dangerous situations,
  • the machinery must not be prevented from stopping, if the stop order has already been given.

The 62443 series of standards was jointly developed by the ISA99 Committee and the IEC TC65WG10 Committee and is dedicated to the need to design and integrate a robust and resilient CyberSecurity into industrial control systems (ICS).

The 62443 series aims to:

  • Improve safety, availability, integrity and confidentiality of systems used for industrial automation and process control.
  • Provide objective criteria to implement the appropriate level of Security in industrial process control and management systems.

The minimum standard issued by the Swiss government is intended for providers and operators of critical and non-critical infrastructure: it is designed as a manual containing guidelines for cyber security with particular attention to the concepts of "identification", "detection", "protection", "response" and "recovery". This measure aims to increase awareness of the risks associated with cyber threats and data theft in small and medium-sized enterprises.


A friend warns
you of the dangers

What happens in reality?

In just over a year, nearly 2 billion files containing other types of personal and sensitive data have been corrupted - Ernst & Young

Every day we talk about "cyber attacks". But are the implications just as clear?

  • The energy supply system of a hospital is attacked... the operation of hospital machinery is at risk and consequently the lives of its patients!
  • Addresses and sensitive data of a financial institution are stolen. The safety of people and the company's reputation are threatened!

Our goal is to create Cybersecurity strategies that preserve the company's values.


A friend
makes you safe

How do we help you? Here is the Goodcode Method

Every entrepreneur has a responsibility to protect assets and employees from the cyber threats hanging over his or her company. The method provides customers with ongoing support to ensure: Physical Security, Management of Sensitive Information and Business Continuity.

Analysis
Analysis, logical-functional modelling of the system, zoning and classification of assets by criticality.

Risk assessment
Risk assessment and definition of security levels.

Optimization
Experimental tests to verify the assets, design and implementation of any corrective measures.

Didactics
Training of staff on regulations and the use of IT tools to avoid the risks arising from improper use.


A friend is
by your side

Cybersecurity as a Service

Like any self-respecting challenge between Good and Evil, the one against cybercrime has no end and is renewed day by day. For this reason we thought of a continuous service based on the implementation of a long-term strategy: Cybersecurity as a Service.


A friend
puts his face in it

Experience and collaborations

The professionals that we put in place for our clients are true experts in Cybersecurity, and this is demonstrated by the international partnerships built in recent years, including the one with Bureau Veritas, world leader in inspection services, verification of compliance with Safety and Security standards and certification.

Paolo Domenighetti


Graduated in Software Engineering at the University of Italian Switzerland, Paolo Domenighetti managed an IT consulting company from 2010 to 2015 and then decided, that same year, to put his passion and expertise in Software Development to good use by founding Goodcode. Expert in Cybersecurity and Cryptography, he collaborates closely with Bureau Veritas.

Massimo Bianchini


A mechanical engineer with a passion for robotics and automation, Massimo Bianchini was Operations Director of Apave SudEurope Italia, a world player in safety and certification. In 1997 he started his consulting activity in the validation and commissioning of production plants, functional safety and finally industrial cybersecurity. Since 2018 he has been a partner of Bureau Veritas Italia.

Bureau Veritas uses the method populated by Paolo Domenighetti and Massimo Bianchini to offer Cybersecurity consulting services.


A friend helps
you understand

Cybersecurity in pills

Below are a few keywords and insights that you will surely find interesting and that will help you better understand the topic of Cybersecurity.


VPNFilter is malware designed to infect routers and certain storage devices connected to the network. It is estimated to have infected about 500,000 routers worldwide as of May 24, 2018, although this is still a conservative estimate. VPNFilter can steal data, contains a "kill switch" designed to disable the infected router on command, and is able to survive a reboot of the router. The FBI believes it was created by the Russian group Fancy Bear.

"Cyber Resilience" refers to an entity's ability to achieve the desired result despite adverse computer events. Cyber Resilience is a rapidly emerging concept that essentially brings together the areas of information security, business continuity and organisational resilience. The entities to which this concept is most closely linked are: IT systems, critical infrastructure, business processes, organizations, companies and national states.

Cyber Threat Intelligence refers to information about threats and their actors that helps mitigate malicious events in cyberspace. Sources of cyber threat intelligence include open source intelligence, social media intelligence, human intelligence, technical intelligence, or dark and deep web intelligence.

Malware is software that is intentionally designed to cause damage to a computer, server, client or computer network. There is a wide variety of types of malware, including computer viruses, worms, Trojans, ransomware, spyware, adware, rogue software and scareware. Programs are also considered malware if they act secretly against the interests of the computer user.

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by posing as a trusted party via email, SMS or Instant Messaging. Often the communications are so plausible that the user cannot distinguish the fraudulent sender from the official one and trustingly transmits all the requested data.

Vishing is a contraction of "Voice Phishing". It is a form of telephone fraud that uses Social Engineering through the telephone system to access private personal and financial information for profit.

"Pharming" comes from the union of the terms "Phishing" and "Farming" and is a type of computer fraud very similar to Phishing, where the traffic of a website is manipulated and confidential information is stolen. Pharming exploits the basics of how Internet surfing works: the sequence of letters that form an Internet address, such as www.google.com, is converted into an IP address by a DNS server so that a connection can be established.

Vulnerability Assessment is the process of identifying, quantifying and prioritizing (or classifying) the vulnerabilities of a system, in our case an IT system. Classifying the risks and vulnerabilities of corporate information systems means performing a very thorough scan that highlights the company's exposure to risks related to a possible cyber attack.

The Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) provides a framework of cybersecurity guidelines on how private sector organizations in the United States can assess and improve their ability to prevent, detect and respond to cyber attacks. Translated into many languages and also used by the Japanese and Israeli governments, the latest release of the framework includes a guide on how to perform self-assessments, guidance on how to manage risk in the supply chain, a manual on how to interact with stakeholders, and encouragement to disclose the most common vulnerabilities.

What are the new challenges of Cybersecurity?


The Internet of Things and ultra-connected objects have greatly improved our lives, but paradoxically they have also made things easier for hackers, who now have many more attack surfaces available. What are the countermeasures?



A friend
always asks how you are

Are you cyber-safe now?

"Claiming a system is safe because no one is attacking it is very dangerous" - Bill Gates.

The first step towards the implementation of a Cybersecurity strategy is a step into the void, but you can trust us. We are friends!


Let's meet