SAFE-Secura

Speciality: Comprehensive Penetration Testing

Amsterdam, Netherlands | 51 employees | Publishes CVEs
[01] About

Private cybersecurity firm based in Amsterdam, Netherlands, founded in 2000; specializes in penetration testing, vulnerability assessments, and red teaming with active testing across cloud, network, mobile, web, IoT, and infrastructure targets; certified CCV for pentesting; part of a 51-200 employee organization.

SAFE: Reduce the Human Risk in cybersecurity

Our vision at Secura goes beyond traditional awareness campaigns. After all, practice has shown that the effect of such campaigns is often limited. Awareness campaigns focus on sending knowledge, while people are driven by more than knowledge. In other words, there is a gap between awareness and behavior: knowing what you should do is not the same as actually acting like that! Awareness is indeed important for effective protection against human error, but not the end goal. That is why Secura developed the SAFE program, which is aimed at bridging the gap between awareness and behavior. The goal of SAFE is therefore to achieve actual behavioral change. Would you like to know more about our program or how we can help your organization to change behavior regarding cybersecurity? Then please contact us!
[02] Services
SAFE-Secura provides comprehensive cybersecurity services including penetration testing, vulnerability assessments, red teaming, security awareness training, compliance audits, security management, and consulting across IT, OT, and IoT environments to enhance organizational cyber resilience.
[03] Certifications
ISO 27001

ISO 27001: Information Security Management Certification


Origin


ISO 27001 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and was first published in 2005. It evolved from the British Standard BS 7799-2, which was created in the late 1990s. The standard was developed in response to the growing need for organizations to systematically manage and protect sensitive information in an increasingly digital business environment. ISO 27001 has since been revised, with major updates released in 2013 and 2022 to address evolving cybersecurity threats and best practices.


Industry Value and Importance


ISO 27001 is globally recognized as the leading standard for information security management systems (ISMS) and is valued for providing a systematic, risk-based approach to protecting sensitive data. Organizations that achieve ISO 27001 certification demonstrate to clients, partners, and regulators that they have implemented comprehensive security controls and are committed to maintaining confidentiality, integrity, and availability of information. The certification is particularly important for organizations handling sensitive data, as it helps meet regulatory compliance requirements, reduces security incidents, builds customer trust, and often provides a competitive advantage in procurement processes where information security assurance is required.

IEC 62443
NIS2

NIS2 Directive Overview


Origin and Background


The NIS2 Directive (Network and Information Security Directive 2) was created by the European Union and adopted in January 2023, replacing the original NIS Directive from 2016. The European Parliament and Council developed this legislation to address the growing cybersecurity threats across member states and to create a more uniform approach to cybersecurity requirements. It was implemented because the original directive had inconsistent application across EU countries and didn't adequately cover the expanding digital landscape and supply chain vulnerabilities that emerged in recent years.


Industry Importance and Value


NIS2 is significant because it establishes mandatory cybersecurity requirements for approximately 160,000 organizations across essential and important sectors in the EU, including energy, healthcare, banking, digital infrastructure, and public administration. The directive is valued for creating harmonized cybersecurity standards across Europe, improving incident reporting mechanisms, and holding senior management directly accountable for compliance. For organizations doing business in or with the EU, NIS2 compliance has become essential—not only to avoid substantial penalties (up to €10 million or 2% of global turnover) but also to demonstrate robust cybersecurity practices to partners and customers in an increasingly interconnected global market.

Common Criteria
CREST

CREST Cybersecurity Certification


Origin


CREST (Council of Registered Ethical Security Testers) was established in 2006 in the United Kingdom by a group of cybersecurity professionals and industry representatives. It was created to address the growing need for standardized, recognized qualifications in penetration testing and cybersecurity services. The organization emerged from concerns about the quality and professionalism of security testing services, aiming to provide a framework that would certify both individual practitioners and the companies that employ them.


Industry Value


CREST certifications are highly valued in the cybersecurity industry because they demonstrate a practitioner's technical competence and adherence to professional ethical standards. Many government agencies, financial institutions, and large corporations specifically require CREST-certified professionals when procuring penetration testing or security assessment services. The certification provides assurance to employers and clients that certified individuals have been independently verified to possess the necessary skills and knowledge, and that they follow established codes of conduct. This makes CREST credentials particularly important for cybersecurity professionals working in regulated industries or seeking to work with organizations that have stringent security requirements.

[05] Notable Clients
  • Abbott Laboratories
  • Knorr-Bremse
  • Amazon
  • Meta
  • American Airlines
  • Nederlandse Spoorwegen (NS)
  • ING
  • Hitachi
  • Rijkswaterstaat
  • Provincie Zuid Holland
  • Philips
  • Suanfarma