Security with a human touch

Some say that people are the weakest link in cybersecurity, due to the prevalence of human error and social engineering attacks.

Discover what our customers are saying:

«Only amateurs attack machines, professionals target people.»

Bruce Schneier

We believe people are key to preventing cybercrime

Employees who know how to protect themselves, will also help protecting your company.

As Secure Practice founders, we had previous experience from developing security training and culture programmes in both large and medium-sized companies, with measurable results.

After experimenting with every possible approach to raise security awareness in various contexts, we gained a lot of experience on how people respond to different kinds of measures.

Unfortunately, we found that common security products default to poor user experiences without due respect to the time we ask our colleagues to spend on them.

We decided to challenge the perception of people as vulnerabilities, and rather turn security into something positive for everyone.

From scientific research, we also know that training must resonate positively with people's emotions to influence their behaviors.

Our approach to product development is therefore thoroughly people-centered, and we are proud to be different.

At the same time we use data-driven analytics to guide your security programme, and make use of user generated data in brand new ways.

Secure Practice combines innovative means to facilitate user engagement and actionable results, ranging from gamification on the one hand, to machine learning on the other.

Experience how we bridge the gap between security and people.

Our mission is digital security for everyone, by building what people have told us they want, and what science has shown us they need.

A security product that people actually love

And don't just take our word for it, see what some of our users are telling us:

This is the friendliest security product I've ever seen!
Easy to use
Very good to get clear recommendations
Quick response, useful feedback

Fun with the simulation!
Super nice to get this instant feedback
EVERYTHING IS AWESOME!
I've become more critical to opening emails than before :)

Award-winning innovation

Based on academic insights across several disciplines, we have developed a deep understanding for security related behavior beyond simply blaming human weakness and error.

We further combine these insights with advanced technology to take operational advantage of employee engagement for security.

Our software service won the «Best new security product» award at the Outstanding Security Performance Awards (OSPA) in 2018.

We have also been awarded the EU Seal of Excellence for our innovations, and have received financial support from both Innovation Norway and the Research Council of Norway on several occasions.

Security by design

As a trusted partner in securing your business, security is naturally made a high priority for ourselves. Our security strategy is based on demonstrable implementation of well-known standards, including:

  • ISO 27001 Information Security Management System (ISMS)
    for organizational and technical controls in line with best practice
  • OWASP Application Security Verification Standard (ASVS)
    for structured security requirements in software development
  • Cloud Security Alliance (CSA) Continuous Self-Assessment
    for risk management throughout the entire cloud supply chain

Privacy by design

European privacy legislation (GDPR) implements strong requirements for personal data processing. Our privacy strategy takes into account both your role as a controller, ours as processor, and end-user rights.

  • Principles for data protection are adopted throughout our entire product development lifecycle, including data minimization.
  • Data Processing Agreement terms govern the legal scope and requirements for processing, and responsibilities of each party.
  • Transparent risk analysis baseline for customers who deploy our services include privacy impact assessments for personal data.

Would you like access to our CSA self-assessment, OWASP ASVS requirements table, ISMS policies, or a risk assessment baseline for our services?

Book a meeting →