Of course, there are certain minimum legal requirements, but nexuzhealth advances its product development and related services regarding security and privacy even further. “First, we are applying the Centre for Cybersecurity Belgium’s CyberFundamentals fundamental guidelines framework, or CyFun for short,” clarifies Mark Vanautgaerden. “With the risk assessment and self-assessment included, we determine the key priorities to become NIS2-compliant (Network and Information Security Directive 2). By complying with the cybersecurity law and achieving at least the basic level of security, you can therefore prevent over 80% of today’s cyberattacks.
Naturally, we strive to achieve the highest level of security by continually tightening security measures incrementally afterwards. As nexuzhealth is largely a product development company, we extend this to include the OWASP (Open Worldwide Application Security Project) Software Assurance Maturity Model, SAMM for short.
This gives us additional direction in structuring and improving the security processes for our software development in five areas specifically focused on governance, design, implementation, verification, and operations. This leads to appropriating an application security culture, or AppSec for short, which ensures that we introduce all the necessary tasks and processes to our product engineering teams to achieve a secure Software Development Life Cycle (SSDLC).”
“The CyFun and SAMM priorities are implemented into nexuzhealth in several steps. The management team determines the high-level goals first,” says Mark. “Next, the security experts on the security team translate these into practical goals and prepare the actual implementation. Developers will include those recommendations in the roadmap and then fully implement them. Afterwards, tests are carried out to see whether the risk has been remedied or at least reduced, and an evaluation follows. And then this whole process is restarted to eliminate more and more risks.”
