Cybersecurity Services for Central, Regional and Local Governments

Raising your cyber resilience to protect sensitive data

> Markets > Public Sector > Central, Regional and Local Governments

Trusted parnter 2

20+ YEARS EXPERIENCE IN THE PUBLIC SECTOR

Work together 2

Dozens of government agencies and independent administrative bodies as clients.

Winner Prize

Expert in BIO, NIS2 and other Regulations

Within the public sector, information security and data protection are crucial. Many organizations in this sector manage large amounts of privacy-sensitive and fraud-sensitive data. These data need to be well-protected from a confidentiality, integrity and availability (CIA) perspective.

To protect public data is not an easy task. The attack surface is wide. Hackers might attack public information systems from various angles, with all kinds of objectives. Cybercriminals force victims to pay ransom or use data to blackmail people. Others may want to simply expose confidential data to the public. Also nation states are active: to influence elections or to frustrate the society in another country or continent. There are many serious threats that public organizations need to defend themselves against.

Secura has the knowledge and experience to tackle these challenges together with you. We conduct investigations into the backbone of Dutch government IT and help to keep the Netherlands cyber-safe.

Highlight-image

HONORABLE WORK

Secura employees who work on government projects usually choose to do so deliberately. A survey among our employees revealed the following motivations:

  • Employees describe their work on behalf of the government as socially relevant, because it impacts the safety of the Netherlands as a whole, rather than individual companies
  • Employees feel proud to work on government projects – they also use the word 'honorable'
  • Working on government projects is more challenging, because there are more customized systems involved.

One of Secura's pentesters put it this way: 'I'd rather prevent a state actor from flooding a part of the Netherlands or stealing thousands of people's identities than maintaining a company's reputation.' Her colleague added, 'The variety in work is huge: from trash bin sensors to supercomputers.' And: 'The fact that a document can be made public via the Freedom of Information Act makes the work extra challenging. It requires a good understanding of the administrative and social context in which our customers operate.'

HOW TO SECURE THE PUBLIC SECTOR?

PEOPLE

Security is a matter of People, Process and Technology. Recent large cases of phishing and social engineering are proof that even established organizations are still vulnerable to a weak human factor. Organizations with Chief Information Security Officers (CISOs) and Data Protection Officers (DPOs) in charge of security, must face the reality that the human factor needs continuous attention. Employees have access to important data, exchange files that contain confidential data. They might even have the knowledge and be aware of security aspects. However, to get them to behave accordingly requires a comprehensive security awareness & behavioral program.

PROCESS

From a process perspective, an Information Security Management System (ISMS) is required by regulation. Most of these are based on processes and controls as defined in ISO 27001. The Dutch government uses the ‘Baseline Informatiebeveiliging Overheid’ (BIO), schools and universities rely on SURF guidelines and Dutch healthcare providers use NEN 7510 as a baseline for information security. It is important to have these systems in place and act accordingly. Especially when it comes to dealing with sensitive public data, annual assurance assessments are required for DigiD / ENSIA / Suwinet / VIPP / NVZ / NEN 7510. As well as up-to-date privacy/GDPR/DPIA agreements.

TECHNOLOGY

When it comes to technology, public organizations use a wide variety of systems and technologies. Ranging from old legacy systems, applications and infrastructure to software hosted by a cloud service provider and mobile apps, each of these can contain undiscovered vulnerabilities that require to be (pen)tested. Our Red Team thoroughly assesses security in both information technology and operational technology (to manage buildings, bridges and traffic) environments. Even with SIEM/SOCs in place, these systems can’t be blindly trusted. For public welfare, it is important that these systems are continually tested and monitored.

Meet our Account Team

Hans Labruyere

Hans Labruyere is Senior Account Manager at Secura, with a focus on Local Government, Education & Healthcare Organizations.

Ruud Borst

Ruud Borst is Senior Account Manager at Secura, with a focus on Central Government, Higher Education, Government Bodies And Large Municipalities.

Christoffel Klimbie

Christoffel Klimbie is Senior Account Manager at Secura, with a focus on Central Government, Executive Agencies And Large Municipalities.

Contact Us

Would you like to learn more about cybersecurity services for your organization? Please fill out the form and we will contact you within one business day.

USP

ABOUT SECURA

Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.