TIBER - DK/EU Red Team Test

TIBER-EU is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities, threat intelligence providers and red-team providers should work together to test and improve the cyber resilience of tested institutions by carrying out a controlled cyber-attack, specifically based on the Tools, Tactics and Procedures (TTPs) of relevant Threat Actors for the tested institution.

The TIBER-EU framework have been adopted by the Danish National Bank, called TIBER-DK, and is currently aiming at all systemic important financial institutions (SIFI) in Denmark.

TIBER-EU is applicable to entities not only in the financial sector, but also in any other critical sector. We are currently experiencing an increased interest from other sectors such as telco, power, energy, insurance, and pension to adopt the TIBER framework over the coming years..

A Strategic Key Initiative

TIBER is a strategic key initiative for Improsec in 2019 and the years to come, and as such we have been preparing since the middle of 2018 – both through adding the right members to our team, and through acquiring a multiple of compliant certifications to ensure we have the right competencies on our team.

We have a fully compliant TIBER-DK Red Team, all employees are based in our office in Copenhagen, and we already have experience and great success working with the framework.

We are a team of specialists, focusing on technical Cyber Security, our Security Advisors are among the highest certified IT Security professionals in Denmark.
Our offensive capabilities in terms of attacking and compromising critical infrastructure, such as Active Directory and other Microsoft infrastructure are unmatched in Denmark.
All employees have a clean criminal record (verified regularly) and have been, or can be, security cleared according to NATO standards.
We enforce very strict data security and confidentiality principles during and after all engagements. All data collected during engagements will be destroyed following the conclusion of a customer engagement.

Our Red Team currently holds, but is not limited to, the following certifications (several certifications per team member):

Offensive Security Certified Expert (OSCE)
Offensive Security Certified Professional (OSCP)
eLearnSecurity Certified Penetration Tester eXtreme (eCPTX)
eLearnSecurity Web application Penetration Tester (eWPT)
eLearnSecurity Web application Penetration Tester eXtreme (eWPTX)
eLearnSecurity Mobile Application Penetration Tester (eMAPT)
Certified Red Team Professional (CRTP)
GIAC Certified Forensic Analyst (GCFA)
eLearnSecurity Certified Penetration Tester (eCPPTv2)
eLearnSecurity Certified Threat Hunting Professional (eCTHP)
Certified Information Systems Security Professional (CISSP)
Microsoft Certified Solutions Expert (MCSE)
Microsoft Certified Solutions Associate (MCSA)
Certified Ethical Hacker (CEH)
Nordic Computer Forensics Investigator Certificate
INTERPOL Malware Analysis- INTERPOL Darknet & Cryptocurrencies

References

http://www.nationalbanken.dk/en/financialstability/Operational/Pages/TIBER-DK-and-implementation-guide.aspx

https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html