OMNISECURE 2020

SRC is partner of OMNISECURE 2020

As experts for IT security, we at SRC know that levels of protection are essential in the digital­ization of industry and society. The experts from the industry will present the security concepts required for this at the annual OMNISECURE. As a partner of OMNISECURE, SRC tradi­tionally enriches the discourse on these topics with the knowledge we have gathered in many projects. The OMNISECURE will take place in Berlin from 20 — 22 January 2020.

Electronic identi­fi­cation and the security required for it are one of the overar­ching topics at SRC and at the same time the core topic of the event. For SRC, the OMNISECURE provides an important platform for the cross-industry exchange of knowledge and experience with experts, specialists and execu­tives from business, politics, public admin­is­tration and science.

As a partner of OMNISECURE, SRC makes its contri­bution to provide partic­i­pants with a compre­hensive overview of new appli­ca­tions, hazards and solutions, technology trends, progress or delays in well-known, trend-setting projects. Ideas and relevant legislative projects are discussed in the same way as failures, from which one can always learn. The OMNISECURE offers a wealth of food for thought and encounters with renowned experts. It is not unusual for the foundation stones for future projects and decisions to be laid here.

We at SRC are looking forward to two rich days and to the varied and rich discus­sions with experts and customers.

Certificate_Course_ISB

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — May 5 to 8, 2020

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, avail­ability, authen­ticity and confi­den­tiality of data in their IT systems and processes. But secure and efficient IT is also essential for the economic success of a bank.

The new “Banking Super­vision Require­ments for IT” (BAIT) formulate concrete expec­ta­tions. Among other things, the Federal Financial Super­visory Authority (BaFin) has issued a guideline calling for the new function of the “Infor­mation Security Officer ” to be set up. He or she controls the infor­mation security process and reports directly to the management.

In cooper­ation with Bank-Verlag, SRC has already success­fully completed three certificate courses for the “Infor­mation Security Officer (ISB) for credit insti­tu­tions”. After the great response and the continuing demand, we are pleased that the Bank-Verlag has made another date possible for this four-day certificate course.

From 5 to 8 May 2020, you will once again have the oppor­tunity of further training in Cologne to become an “Infor­mation Security Officer (ISB) for credit insti­tu­tions”.

In a team with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Trinkaus & Burkhardt AG) the SRC experts Dagmar Schoppe, Florian Schumann and Randolf Skerka will give a lecture on the norms and standards according to ISO and IT-Grund­schutz, as well as on all legal/regulatory require­ments relevant for you as an ISB. In addition, the topics IT Risks and Contin­gency Management as well as Business Conti­nuity Management will be discussed.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Credit Insti­tu­tions”.

On 4 May 2020 you will also have the optional oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne prior to the event. This course deals with basics, terms, encryption and IT security techniques in infor­mation technology.

EMVCo

SRC recog­nised as SBMP Evalu­ation Laboratory by EMVCo

Mobile Payments: From chip card to mobile device

Mobile Payment is an electronic form of payment using mobile devices such as mobile phones, tablets or smart­watches. Electro­mag­netic, i.e. contactless, techniques are used to initiate, authorise and realise the payment. This makes the security of this form of payment a challenge.

EMVCo and Software-Based Mobile Payment (SBMP) Programme

EMVCo, which defines and further develops the EMV standard and checks its imple­men­tation, addresses these challenges with its new SBPM approval process. SBPM stands for Software-Based Mobile Payment Evalu­ation Process. This evalu­ation examines whether the security mecha­nisms and protective measures of a component or solution have the minimum security level defined by EMVCo. Manufac­turers are certified with a security assessment certificate that their products can withstand known attacks.

With the SBPM approval process, EMVCo supports the global security and inter­op­er­ability of mobile payment trans­ac­tions. The range of security assessment processes has so far included products for integrated circuits (IC), platforms and integrated circuits (ICC). For the first time, EMVCo has extended the scope of its approval processes to include software compo­nents and solutions for mobile payments.

EMVCo recog­nises SRC as SBPM Evalu­ation Laboratory

SRC is recog­nized by EMVCo as a security lab/assessor for the security assessment of software-based mobile payment solutions and compo­nents, in addition to the existing Mastercard and Visa recog­ni­tions.

SRC performs compre­hensive checks of the security mecha­nisms of a Mobile Payment App or its compo­nents. The imple­mented measures are examined using state-of-the-art methods, such as reverse engineering, side channel and runtime analyses, and their resilience/resistance to attackers and protection against misuse is evaluated.

If you are inter­ested in further infor­mation on the subject or the evalu­ation of your payment solution, please contact us.

Unternehmenstag 2019

Unternehmenstag 2019 — SRC partic­i­pates again!

Unternehmenstag 2019 — The Career Fair for Students and Career Starters

The end of the studies is in sight. The degree is within reach. At the latest now, students and graduates need contact to their future employer. SRC is looking forward to this contact. Two days at the University of Applied Sciences Bonn Rhein-Sieg on the campus in Sankt Augustin. This is where the Unternehmenstag 2019 takes place on 13 and 14 November.

The job fair will be rounded off with a wide range of offers relating to careers and career planning. These include lectures, appli­cation photos, job boards and much more.

Career in ITSRC provides an insight into exciting areas of respon­si­bility

SRC will also be happy to give students and graduates the oppor­tunity to gain an insight into and exchange views on the diverse topics of IT security at the Unternehmenstag 2019. The SRC experts will explain everyday life and the challenges in the assessment of security-relevant IT technologies. A selection of current topics are, for example, mobile payment methods, artificial intel­li­gence and critical infra­struc­tures. We expect our new colleagues to have a strong instinct for potential sources of error in complex technologies, the compe­tence to find solutions and the assertiveness to represent the results of their work to clients.

Current job offers on our career portal

Whether as a working student in our customer management or as a scanworker in the pentest team — completing diverse and exciting tasks while studying is no problem for us. But also graduates will get what they are looking for — we are looking for pentesters, consul­tants and analysts for different areas in our company.

Students and graduates are welcome to inform themselves in advance on our career portal about vacancies at our company. We will be happy to answer any questions you may have at the Unternehmenstag! You also have the option of submitting your appli­cation documents directly to us on site.

inova

SRC invited to inova 2019

SRC intro­duces the company at the career forum at TU Ilmenau

The inova will take place in October 2019 at the TU Ilmenau in Thueringen. Within the last 20 years, inovail­menau has become one of the most important career forums in Germany. Exclu­sively selected companies can engage in direct dialogue with students and establish contacts. As a selected company, SRC GmbH will be on site in central Germany and will offer inter­ested students an insight into the diverse topics of an IT security company and the corre­sponding career oppor­tu­nities.

Career in IT? Not only as the ” classical ” computer scien­tists

Frequently, you meet unsettled students when it comes to “what you want to do with your concrete degree in the future”. Certain occupa­tions in certain sectors, such as IT, struggle with the prejudice of only hosting and hiring the ” classical ” computer scien­tists. However, this is not the case in our industry.

SRC uses inova 2019 to give students at the TU Ilmenau, whose courses of study are strongly charac­terised by engineering science, an insight into and an exchange on the diverse subject areas of IT security. The SRC experts explain the challenges of technology assessment using examples such as mobile payment methods, artificial intel­li­gence and similar topics. This requires a strong instinct for potential sources of error in complex environ­ments, the compe­tence to find solutions and the will to implement them. Especially students with engineering, economic, mathe­matical and scien­tific backgrounds bring these valuable qualities with them.

The inovail­menau 2019

This year’s inovail­menau will take place at the TU Ilmenau from 22 to 23 October 2019, from 10 am to 4 pm. With over 5200 visitors, the inovail­menau is the most important student career forum in central Germany. The number of inter­ested companies is constantly growing, giving the inova team the oppor­tunity to exclu­sively handpick companies. We at SRC GmbH are therefore partic­u­larly pleased to be able to personally get in touch with the students of the TU Ilmenau in October and to inspire them with our company and career oppor­tu­nities. You are welcome to browse through our topics and our career portal in advance — we will be happy to answer any questions in a personal dialogue on site or in advance via our numerous contact options.

ICPS 2019

SRC at ICPS 2019 in dialogue with physics students

SRC attends the ICPS 2019 Jobfair

Physics students will meet for the 34th time at ICPS 2019 in Cologne. The “Jobfair” taking place on Tuesday, August 13, 2019, will provide the setting.

SRC uses the ICPS 2019 to provide physi­cists with insights into and an exchange on the diverse topics of IT security. The SRC experts explain the challenges of technology assessment using examples such as mobile payment methods, artificial intel­li­gence and similar topics. This requires a strong instinct for potential sources of error in complex environ­ments, the compe­tence to find solutions and the will to implement them. Especially students with a physical background bring these valuable qualities with them. Dr. Max Hettrich already reported in the interview “From quantum physicist to security analyst at SRC on how a career can develop from these qualities.

By students for students — The ICPS 2019

The ICPS finds a new home every year. More than 500 physics students and doctoral candi­dates from more than 50 nations not only have the oppor­tunity to exchange their knowledge; they also get to know the culture and mentality of the host country. The ICPS is organised by the respective student associ­a­tions of the host country. This year, the organ­i­sation team consisting of members of the young German Physical Society, the Institute for Theoretical Physics of the University of Cologne and the Bonn-Cologne Graduate School of Physics and Astronomy who have prepared a programme that will last 8 days.

Matthias Dahlmanns is the project coordi­nator of ICPS 2019 and a working student at SRC. “Coordi­nating the organ­i­sation of the ICPS 2019 is a great experience. The partic­i­pation of SRC makes me personally very happy”, says Matthias Dahlmanns. Dr. Benjamin Botermann, Senior Consultant Test & Quality Assurance, is also looking forward to the exchange with the many inter­ested physics students: “I am very excited about the ICPS Jobfair. As a physicist, I find myself absolutely at home working at SRC. I am looking forward to the exchange with the prospective physi­cists. In a personal conver­sation, I would like to talk about the various fields of activity at SRC and answer the numerous and detailed questions”.

IT Sicherheit in Krankenhäusern

How secure is IT in our hospitals?

Digiti­sation poses IT security challenges for hospitals

Cloud computing, networked commu­ni­cation, virtual teamwork — digiti­sation offers hospitals and other healthcare facil­ities enormous potential for optimi­sation. The effects on the profitability of medical facil­ities and on patient care are sustainably positive. If it weren’t for IT security. How well protected are healthcare networks? Can sensitive data be lost during trans­mission or in the course of collab­o­ration? Or even worse: be inter­cepted? Can IT security in hospitals keep pace with the tempo of digital­i­sation?

Protection of sensitive patient infor­mation is required

If one thinks about the most sensitive data of a society, then patient infor­mation certainly belongs to it. The need for protection is therefore partic­u­larly high. In the meantime, the legis­lator has also recog­nised this and created a clear legal situation. At the latest, IT security in the healthcare sector will become a playing field for liability risks and claims for damages. This is why IT security is a top priority in hospitals. Several hospitals have already painfully discovered that absolute security can hardly be achieved. In particular, the attack with the ransomware “Wannacry” in 2017 had an enormous impact on hospital IT worldwide. Exami­na­tions had to be postponed, opera­tions had to be cancelled and the financial damage was immense.

The electronic patient file, telemed­icine and cross-sector infor­mation logistics make it extremely demanding to manage data securely. But IT security is no longer just a technical issue. It also concerns the awareness of the employees, the inten­sified data protection and the growing require­ments of the legis­lator. Examples are the Medical Devices Ordinance (MDR) and the audits according to § 8a of the BSI Act.

SRC expert Dr. Deniz Ulucay talks to the KU Gesund­heits­man­agement Magazine

In an interview with Birgit Sander, editor of KU Gesund­heits­man­agement Magazine, Dr. Deniz Ulucay, SRC expert for IT security in healthcare, gives detailed insights into potential threat scenarios and adequate defense strategies. The title of the article asks: “How secure is IT in our hospitals? It can be downloaded here (German).

IT Security Congress 2019

IT-Security Congress 2019 — Arne Schönbohm welcomes SRC

The IT-Security Congress 2019 again offered SRC the platform for dialogues with manufac­turers, partners and repre­sen­ta­tives of public author­ities. The motto of the event was “IT security as a prereq­uisite for successful digiti­zation”. The topics are as varied as the visitors: artificial intel­li­gence and its fields of appli­cation, Common Criteria certi­fi­ca­tions of micro-kernel operating systems and profes­sional perspec­tives for scien­tists and computer scien­tists at SRC. Almost all SRC services were in demand at the stand, whether penetration tests, consulting and certi­fi­cation of infor­mation security management systems or support for product manufac­turers in evalu­a­tions according to Common Criteria.

Sandro Amendola’s lecture at the IT-Security Congress 2019, entitled “Legal Security Require­ments for Payment Proce­dures for Customer Authen­ti­cation Using Mobile Devices”, was widely discussed. The high pace of innovation on the one hand and the parallel devel­opment of regulatory require­ments on the other hand provide continuous material for discus­sions and forecasts of future trends.

The host of the IT-Security Congress 2019, the Federal Office for Infor­mation Security (BSI) (see photo), also stopped by our stand. Thilo Pannen is respon­sible for Business Devel­opment at SRC. “We at SRC are delighted that we have been able to support the BSI for many years with a range of experts,” said Thilo Pannen in his welcoming address. The extensive discussion with BSI President Arne Schönbohm touched all aspects of the extensive cooper­ation with the BSI. Be it the prepa­ration of studies, the support in the various BSI projects or the work of SRC as a BSI-recog­nized testing laboratory. In its function as a testing laboratory, SRC does not only assess according to Common Criteria. The require­ments for the technical domains “Smart­cards and similar Devices” and “Hardware Devices with Security Boxes” are also fulfilled by SRC.
Such extensive and complex cooper­ation in such a dynamic environment requires constant adaptation of the processes. “If we at BSI can contribute to further good cooper­ation, please let me know,” said the BSI President at the end of his visit to the SRC stand.

IT Security Congress

SRC contributes to the German IT Security Congress 2019

IT security as a prereq­uisite for successful digital­i­sation

This is the motto of this year’s German IT Security Congress, which is held every two years by the Federal Office for Infor­mation Security (BSI). The congress will take place from 21 to 23 May 2019 at the Stadthalle Bonn — Bad Godesberg. The aim of this year’s congress is to examine the topic of IT security from different perspec­tives, to present and further develop possible solutions.

SRC is at the German IT Security Congress

As a BSI-approved evalu­ation body for evalu­a­tions according to Common Criteria (CC) and various other technical guide­lines, SRC will also be present with a booth at the German IT Security Congress in 2019. Thus we offer the experts of customers, partners and those of the BSI once again the well-estab­lished contact point at the German IT Security Congress. This concept has proven itself over many years. The stable personal network between the partic­i­pants offers the optimal platform for the transfer of complex technical and regulatory aspects.

SRC expert Sandro Amendola talks about compliance, mobile payment proce­dures and customer authen­ti­cation

The triumphal march of mobile payment proce­dures seems unstop­pable. The legis­lator has also inten­sively considered the security of these proce­dures and the necessary customer authen­ti­cation. Sandro Amendola will talk about “Legal security require­ments for payment proce­dures for customer authen­ti­cation using mobile devices” on Thursday, 23 May 2019 at 11:00 a.m. in the main hall.

BarCamp “Infor­mation Security Management in Credit Insti­tu­tions” — 19 September 2019

In cooper­ation with SRC Security Research & Consulting GmbH, Bank-Verlag GmbH hosts a BarCamp on the subject of “Infor­mation Security Management in Credit Insti­tu­tions”. The event will take place on 19 September 2019 at the premises of Bank-Verlag in Cologne.

The Federal Financial Super­visory Authority (BaFin) has also defined the new function of the Infor­mation Security Officer with the “Banking Super­visory Require­ments for IT” (BAIT). He or she controls the infor­mation security process and reports directly to management. What this theory looks like in practice will be examined in more detail on 19 September at the BarCamp “Infor­mation Security Management in Credit Insti­tu­tions”.

The BarCamp Principle

A BarCamp is an open conference with practical workshops. The workshops serve the exchange and discussion among the partic­i­pants. At the beginning, the partic­i­pants themselves develop the contents and the agenda, which they then develop further. There are no prede­fined speakers or proce­dures to be found in a BarCamp. Instead, this principle relies on the (moderated) exchange of experience.

BarCamp “Infor­mation Security Management in Credit Insti­tu­tions

The BarCamp “Infor­mation Security Management in Credit Insti­tu­tions” gives Infor­mation Security Officers as well as all those respon­sible for infor­mation and IT security management at credit insti­tu­tions the oppor­tunity to exchange infor­mation on topics such as BAIT audits, service provider management or risk management. In addition, contacts can be estab­lished and expertise expanded. The coffee breaks can be used for individual discus­sions. At the end of the event, a “get-together” provides an in-depth exchange among the partic­i­pants.

The SRC Speakers

Four experts from different areas of SRC will share their knowledge and expertise with the partic­i­pants.

Sandro Amendola, deputy head of the evalu­ation body at SRC, is respon­sible for the topic “IT compliance in the banking industry”. In addition, he develops security concepts and security require­ments for payment trans­action proce­dures on behalf of the German banking industry, among others.

Jochen Schumacher is respon­sible for commu­ni­ca­tions at SRC. He concen­trates on product management, the technical and editorial support of the website as well as the planning, imple­men­tation and moder­ation of events.

Florian Schumann is Head of IT at SRC. In addition, he is an infor­mation security consultant and qualified auditor according to § 8 (a) BSIG for critical infra­struc­tures.

Dr. Deniz Ulucay works at SRC as a consultant for infor­mation security. His focus is on the devel­opment of ISMSs, in particular for operators of critical infra­struc­tures. He is also respon­sible for the devel­opment and imple­men­tation of security concepts.

Regis­tration & Schedule

Further infor­mation about the regis­tration and the course of the BarCamp on the topic “Infor­mation security management in Credit Insti­tu­tions” can be found in this flyer (GER) and on the website of Bank-Verlag. Here you can register directly online for the event and bring in the topics that are important and inter­esting for you and thus help to determine the course and outcome of the BarCamp “Infor­mation Security Management in Credit Insti­tu­tions”.

For further questions Mrs. van Kessel is at your disposal (Tel. 0221/5490–161, andrea.vankessel(at)bank-verlag.de).