Corona

Despite Corona — the support of SRC is certain!

The corona virus has reached our everyday life. The pandemic is directing our focus on what is now the most important thing: the protection of the health, safety and well-being of our employees, our partners, customers and families.

The vast majority of our employees use the oppor­tunity to work from home; some are available at the locations to sign, receive mail and much more.

In the relatively short period of time it has already become apparent that the staff of SRC is very committed to ensure the conti­nuity of the opera­tional processes.

Especially in these difficult times, we pay special attention to the concerns of our customers. We are still in a position to support our customers, some of whom operate urgently needed critical infra­struc­tures, compre­hen­sively and with a maximum of flexi­bility. We will continue to meet our great respon­si­bility and oblig­ation towards our customers in these times.

Even if many of us are not at the SRC locations: We are still available for you via the usual commu­ni­cation channels.

We continue to do what we are good at.

As an alter­native to on-site appoint­ments we have, for example, developed proce­dures for remote support. We can …

  • conduct consul­ta­tions and inter­views in the form of telephone confer­ences,
  • Check system settings using web confer­ences,
  • Carry out on-site inspec­tions using video trans­mis­sions.

Please contact your contact person at SRC in order to coordinate the concrete procedure.

We at SRC are convinced that we will learn from the experi­ences of this situation for our future. We will emerge strengthened from this crisis.

Please pay attention to the health of your fellow men and families.

SRC recognized as SPoC/CPoC Lab by the PCI SSC

SRC recog­nized by PCI SSC as SPoC and CPcC Security Lab

Today, the worldwide operating PCI Security Standards Council has recog­nized SRC as the fourth laboratory for the perfor­mance of security tests for SPoC and CPoC solutions.

With SPoC solutions (Secure PIN Entry on Commercial-off-the-Shelf devices) a merchant can accept payments with commer­cially available mobile devices.

While the SPoC program describes solutions with PIN entry, the CPoC program is aimed exclu­sively at contactless solutions that do not require PIN entry.

A SPoC solution consists of four core compo­nents

  • a Secure Card Reader for PIN (SCRP), an external and PCI PTS approved card reader,
  • a tested PIN CVM App for secure PIN entry on the merchant’s standard mobile device,
  • the retailer’s mobile device (COTS device) such as a smart­phone or tablet, and
  • a background system that contributes signif­i­cantly to the security of the overall system by means of attes­tation, monitoring and processing.

With CPoC, the PCI SSC has developed require­ments for solutions for processing contactless payments without PIN entry (“Tap and Go”) on commer­cially available mobile devices (commercial off-the-shelf, COTS), such as smart­phones or other mobile commercial off-the-shelf (COTS) devices with NFC interface.

With the SPoC and CPoC programs, the PCI SSC meets the increasing demand for new and secure accep­tance solutions and ensures security in the accep­tance of payments via mobile phones and tablets. The corre­sponding tests are now also carried out by SRC.

The recog­nition of SRC as a lab for the programmes SPoC and CPoC is an important signal to the market. Customers from this innov­ative environment can now also make use of SRC’s expertise for the devel­opment of secure payment solutions.

PCI DSS guidance for Large Organizations

PCI DSS best practices guidance for large organi­za­tions published

SRC Security Research & Consulting GmbH contributed to the most recent PCI (Payment Card Industry) Security Standards Council Special Interest Group (SIG). The resulting guidance on PCI DSS for Large Organi­za­tions is now published.

Complex organi­za­tions, corpo­ra­tions and companies often face specific challenges when imple­menting PCI DSS (Payment Card Industry Data Security Standard) require­ments: the hetero­geneity of their infra­struc­tures and processes, the constant change of corporate struc­tures, and dealing with diverse require­ments, respon­si­bil­ities and management tasks.
The new guidance on PCI DSS for Large Organi­za­tions helps large and/or complex organi­za­tions coordinate and manage their PCI DSS activ­ities across multiple environ­ments.

  • PCI DSS guidance for Large Organi­za­tions //document.
OMNISECURE 2020

SRC is partner of OMNISECURE 2020

As experts for IT security, we at SRC know that levels of protection are essential in the digital­ization of industry and society. The experts from the industry will present the security concepts required for this at the annual OMNISECURE. As a partner of OMNISECURE, SRC tradi­tionally enriches the discourse on these topics with the knowledge we have gathered in many projects. The OMNISECURE will take place in Berlin from 20 — 22 January 2020.

Electronic identi­fi­cation and the security required for it are one of the overar­ching topics at SRC and at the same time the core topic of the event. For SRC, the OMNISECURE provides an important platform for the cross-industry exchange of knowledge and experience with experts, specialists and execu­tives from business, politics, public admin­is­tration and science.

As a partner of OMNISECURE, SRC makes its contri­bution to provide partic­i­pants with a compre­hensive overview of new appli­ca­tions, hazards and solutions, technology trends, progress or delays in well-known, trend-setting projects. Ideas and relevant legislative projects are discussed in the same way as failures, from which one can always learn. The OMNISECURE offers a wealth of food for thought and encounters with renowned experts. It is not unusual for the foundation stones for future projects and decisions to be laid here.

We at SRC are looking forward to two rich days and to the varied and rich discus­sions with experts and customers.

ISB

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — May 5 to 8, 2020

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, avail­ability, authen­ticity and confi­den­tiality of data in their IT systems and processes. But secure and efficient IT is also essential for the economic success of a bank.

The new “Banking Super­vision Require­ments for IT” (BAIT) formulate concrete expec­ta­tions. Among other things, the Federal Financial Super­visory Authority (BaFin) has issued a guideline calling for the new function of the “Infor­mation Security Officer ” to be set up. He or she controls the infor­mation security process and reports directly to the management.

In cooper­ation with Bank-Verlag, SRC has already success­fully completed six certificate courses for the “Infor­mation Security Officer (ISB) for credit insti­tu­tions”. After the great response and the continuing demand, we are pleased that the Bank-Verlag has made another date possible for this four-day certificate course.

From 5 to 8 May 2020, you will once again have the oppor­tunity of further training in Cologne to become an “Infor­mation Security Officer (ISB) for credit insti­tu­tions”.

In a team with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Trinkaus & Burkhardt AG) the SRC experts Dagmar Schoppe, Florian Schumann and Randolf Skerka will give a lecture on the norms and standards according to ISO and IT-Grund­schutz, as well as on all legal/regulatory require­ments relevant for you as an ISB. In addition, the topics IT Risks and Contin­gency Management as well as Business Conti­nuity Management will be discussed.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Credit Insti­tu­tions”.

On 4 May 2020 you will also have the optional oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne prior to the event. This course deals with basics, terms, encryption and IT security techniques in infor­mation technology.

EMVCo

SRC recog­nised as SBMP Evalu­ation Laboratory by EMVCo

Mobile Payments: From chip card to mobile device

Mobile Payment is an electronic form of payment using mobile devices such as mobile phones, tablets or smart­watches. Electro­mag­netic, i.e. contactless, techniques are used to initiate, authorise and realise the payment. This makes the security of this form of payment a challenge.

EMVCo and Software-Based Mobile Payment (SBMP) Programme

EMVCo, which defines and further develops the EMV standard and checks its imple­men­tation, addresses these challenges with its new SBPM approval process. SBPM stands for Software-Based Mobile Payment Evalu­ation Process. This evalu­ation examines whether the security mecha­nisms and protective measures of a component or solution have the minimum security level defined by EMVCo. Manufac­turers are certified with a security assessment certificate that their products can withstand known attacks.

With the SBPM approval process, EMVCo supports the global security and inter­op­er­ability of mobile payment trans­ac­tions. The range of security assessment processes has so far included products for integrated circuits (IC), platforms and integrated circuits (ICC). For the first time, EMVCo has extended the scope of its approval processes to include software compo­nents and solutions for mobile payments.

EMVCo recog­nises SRC as SBPM Evalu­ation Laboratory

SRC is recog­nized by EMVCo as a security lab/assessor for the security assessment of software-based mobile payment solutions and compo­nents, in addition to the existing Mastercard and Visa recog­ni­tions.

SRC performs compre­hensive checks of the security mecha­nisms of a Mobile Payment App or its compo­nents. The imple­mented measures are examined using state-of-the-art methods, such as reverse engineering, side channel and runtime analyses, and their resilience/resistance to attackers and protection against misuse is evaluated.

If you are inter­ested in further infor­mation on the subject or the evalu­ation of your payment solution, please contact us.

Unternehmenstag 2019

Unternehmenstag 2019 — SRC partic­i­pates again!

Unternehmenstag 2019 — The Career Fair for Students and Career Starters

The end of the studies is in sight. The degree is within reach. At the latest now, students and graduates need contact to their future employer. SRC is looking forward to this contact. Two days at the University of Applied Sciences Bonn Rhein-Sieg on the campus in Sankt Augustin. This is where the Unternehmenstag 2019 takes place on 13 and 14 November.

The job fair will be rounded off with a wide range of offers relating to careers and career planning. These include lectures, appli­cation photos, job boards and much more.

Career in ITSRC provides an insight into exciting areas of respon­si­bility

SRC will also be happy to give students and graduates the oppor­tunity to gain an insight into and exchange views on the diverse topics of IT security at the Unternehmenstag 2019. The SRC experts will explain everyday life and the challenges in the assessment of security-relevant IT technologies. A selection of current topics are, for example, mobile payment methods, artificial intel­li­gence and critical infra­struc­tures. We expect our new colleagues to have a strong instinct for potential sources of error in complex technologies, the compe­tence to find solutions and the assertiveness to represent the results of their work to clients.

Current job offers on our career portal

Whether as a working student in our customer management or as a scanworker in the pentest team — completing diverse and exciting tasks while studying is no problem for us. But also graduates will get what they are looking for — we are looking for pentesters, consul­tants and analysts for different areas in our company.

Students and graduates are welcome to inform themselves in advance on our career portal about vacancies at our company. We will be happy to answer any questions you may have at the Unternehmenstag! You also have the option of submitting your appli­cation documents directly to us on site.

inova

SRC invited to inova 2019

SRC intro­duces the company at the career forum at TU Ilmenau

The inova will take place in October 2019 at the TU Ilmenau in Thueringen. Within the last 20 years, inovail­menau has become one of the most important career forums in Germany. Exclu­sively selected companies can engage in direct dialogue with students and establish contacts. As a selected company, SRC GmbH will be on site in central Germany and will offer inter­ested students an insight into the diverse topics of an IT security company and the corre­sponding career oppor­tu­nities.

Career in IT? Not only as the ” classical ” computer scien­tists

Frequently, you meet unsettled students when it comes to “what you want to do with your concrete degree in the future”. Certain occupa­tions in certain sectors, such as IT, struggle with the prejudice of only hosting and hiring the ” classical ” computer scien­tists. However, this is not the case in our industry.

SRC uses inova 2019 to give students at the TU Ilmenau, whose courses of study are strongly charac­terised by engineering science, an insight into and an exchange on the diverse subject areas of IT security. The SRC experts explain the challenges of technology assessment using examples such as mobile payment methods, artificial intel­li­gence and similar topics. This requires a strong instinct for potential sources of error in complex environ­ments, the compe­tence to find solutions and the will to implement them. Especially students with engineering, economic, mathe­matical and scien­tific backgrounds bring these valuable qualities with them.

The inovail­menau 2019

This year’s inovail­menau will take place at the TU Ilmenau from 22 to 23 October 2019, from 10 am to 4 pm. With over 5200 visitors, the inovail­menau is the most important student career forum in central Germany. The number of inter­ested companies is constantly growing, giving the inova team the oppor­tunity to exclu­sively handpick companies. We at SRC GmbH are therefore partic­u­larly pleased to be able to personally get in touch with the students of the TU Ilmenau in October and to inspire them with our company and career oppor­tu­nities. You are welcome to browse through our topics and our career portal in advance — we will be happy to answer any questions in a personal dialogue on site or in advance via our numerous contact options.

ICPS 2019

SRC at ICPS 2019 in dialogue with physics students

SRC attends the ICPS 2019 Jobfair

Physics students will meet for the 34th time at ICPS 2019 in Cologne. The “Jobfair” taking place on Tuesday, August 13, 2019, will provide the setting.

SRC uses the ICPS 2019 to provide physi­cists with insights into and an exchange on the diverse topics of IT security. The SRC experts explain the challenges of technology assessment using examples such as mobile payment methods, artificial intel­li­gence and similar topics. This requires a strong instinct for potential sources of error in complex environ­ments, the compe­tence to find solutions and the will to implement them. Especially students with a physical background bring these valuable qualities with them. Dr. Max Hettrich already reported in the interview “From quantum physicist to security analyst at SRC on how a career can develop from these qualities.

By students for students — The ICPS 2019

The ICPS finds a new home every year. More than 500 physics students and doctoral candi­dates from more than 50 nations not only have the oppor­tunity to exchange their knowledge; they also get to know the culture and mentality of the host country. The ICPS is organised by the respective student associ­a­tions of the host country. This year, the organ­i­sation team consisting of members of the young German Physical Society, the Institute for Theoretical Physics of the University of Cologne and the Bonn-Cologne Graduate School of Physics and Astronomy who have prepared a programme that will last 8 days.

Matthias Dahlmanns is the project coordi­nator of ICPS 2019 and a working student at SRC. “Coordi­nating the organ­i­sation of the ICPS 2019 is a great experience. The partic­i­pation of SRC makes me personally very happy”, says Matthias Dahlmanns. Dr. Benjamin Botermann, Senior Consultant Test & Quality Assurance, is also looking forward to the exchange with the many inter­ested physics students: “I am very excited about the ICPS Jobfair. As a physicist, I find myself absolutely at home working at SRC. I am looking forward to the exchange with the prospective physi­cists. In a personal conver­sation, I would like to talk about the various fields of activity at SRC and answer the numerous and detailed questions”.

IT Sicherheit in Krankenhäusern

How secure is IT in our hospitals?

Digiti­sation poses IT security challenges for hospitals

Cloud computing, networked commu­ni­cation, virtual teamwork — digiti­sation offers hospitals and other healthcare facil­ities enormous potential for optimi­sation. The effects on the profitability of medical facil­ities and on patient care are sustainably positive. If it weren’t for IT security. How well protected are healthcare networks? Can sensitive data be lost during trans­mission or in the course of collab­o­ration? Or even worse: be inter­cepted? Can IT security in hospitals keep pace with the tempo of digital­i­sation?

Protection of sensitive patient infor­mation is required

If one thinks about the most sensitive data of a society, then patient infor­mation certainly belongs to it. The need for protection is therefore partic­u­larly high. In the meantime, the legis­lator has also recog­nised this and created a clear legal situation. At the latest, IT security in the healthcare sector will become a playing field for liability risks and claims for damages. This is why IT security is a top priority in hospitals. Several hospitals have already painfully discovered that absolute security can hardly be achieved. In particular, the attack with the ransomware “Wannacry” in 2017 had an enormous impact on hospital IT worldwide. Exami­na­tions had to be postponed, opera­tions had to be cancelled and the financial damage was immense.

The electronic patient file, telemed­icine and cross-sector infor­mation logistics make it extremely demanding to manage data securely. But IT security is no longer just a technical issue. It also concerns the awareness of the employees, the inten­sified data protection and the growing require­ments of the legis­lator. Examples are the Medical Devices Ordinance (MDR) and the audits according to § 8a of the BSI Act.

SRC expert Dr. Deniz Ulucay talks to the KU Gesund­heits­man­agement Magazine

In an interview with Birgit Sander, editor of KU Gesund­heits­man­agement Magazine, Dr. Deniz Ulucay, SRC expert for IT security in healthcare, gives detailed insights into potential threat scenarios and adequate defense strategies. The title of the article asks: “How secure is IT in our hospitals? It can be downloaded here (German).