Posts

ICPS 2019

SRC at ICPS 2019 in dialogue with physics students

SRC attends the ICPS 2019 Jobfair

Physics students will meet for the 34th time at ICPS 2019 in Cologne. The “Jobfair” taking place on Tuesday, August 13, 2019, will provide the setting.

SRC uses ICPS 2019 to give physicists insights into the diverse topics of IT security and an opportunity to exchange views on them. The SRC experts explain the challenges of technology assessment using examples such as mobile payment methods, artificial intelligence and similar topics. This requires a strong instinct for potential sources of error in complex environments, the competence to find solutions and the will to implement them. Students with a physics background in particular bring these valuable qualities with them. Dr. Max Hettrich has already described in the interview “From quantum physicist to security analyst at SRC” how a career can develop from these qualities.

By students for students — The ICPS 2019

The ICPS finds a new home every year. More than 500 physics students and doctoral candidates from more than 50 nations not only have the opportunity to exchange their knowledge; they also get to know the culture and mentality of the host country. The ICPS is organised by the respective student associations of the host country. This year, the organisation team consists of members of the young German Physical Society, the Institute for Theoretical Physics of the University of Cologne and the Bonn-Cologne Graduate School of Physics and Astronomy, who have prepared a programme that will last 8 days.

Matthias Dahlmanns is the project coordi­nator of ICPS 2019 and a working student at SRC. “Coordi­nating the organ­i­sation of the ICPS 2019 is a great experience. The partic­i­pation of SRC makes me personally very happy”, says Matthias Dahlmanns. Dr. Benjamin Botermann, Senior Consultant Test & Quality Assurance, is also looking forward to the exchange with the many inter­ested physics students: “I am very excited about the ICPS Jobfair. As a physicist, I find myself absolutely at home working at SRC. I am looking forward to the exchange with the prospective physi­cists. In a personal conver­sation, I would like to talk about the various fields of activity at SRC and answer the numerous and detailed questions”.

IT Security Congress

SRC contributes to the German IT Security Congress 2019

IT security as a prereq­uisite for successful digital­i­sation

This is the motto of this year’s German IT Security Congress, which is held every two years by the Federal Office for Infor­mation Security (BSI). The congress will take place from 21 to 23 May 2019 at the Stadthalle Bonn — Bad Godesberg. The aim of this year’s congress is to examine the topic of IT security from different perspec­tives, to present and further develop possible solutions.

SRC is at the German IT Security Congress

As a BSI-approved evalu­ation body for evalu­a­tions according to Common Criteria (CC) and various other technical guide­lines, SRC will also be present with a booth at the German IT Security Congress in 2019. Thus we offer the experts of customers, partners and those of the BSI once again the well-estab­lished contact point at the German IT Security Congress. This concept has proven itself over many years. The stable personal network between the partic­i­pants offers the optimal platform for the transfer of complex technical and regulatory aspects.

SRC expert Sandro Amendola talks about compliance, mobile payment proce­dures and customer authen­ti­cation

The triumphal march of mobile payment proce­dures seems unstop­pable. The legis­lator has also inten­sively considered the security of these proce­dures and the necessary customer authen­ti­cation. Sandro Amendola will talk about “Legal security require­ments for payment proce­dures for customer authen­ti­cation using mobile devices” on Thursday, 23 May 2019 at 11:00 a.m. in the main hall.

Information security officers for credit institutions

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — November 19 to 22, 2019

BAIT-Compliance: Use of an Infor­mation Security Officer (ISB)

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, availability, authenticity and confidentiality of data in their IT systems and processes. However, secure and efficient IT is also essential for the economic success of a bank. The new “Banking Supervision Requirements for IT” (BAIT) formulate concrete expectations. Among other things, the Federal Financial Supervisory Authority (BaFin) is calling for the newly created function “Information Security Officer for Credit Institutions” (ISB) in its guideline. The ISB controls the information security process and reports directly to the management.

6th Certificate Course “Information Security Officer (ISB) for Credit Institutions”

In cooper­ation with Bank-Verlag, SRC has already success­fully completed five certificate courses on “Infor­mation Security Officer (ISB) for Credit Insti­tu­tions”. After the great response and the continuing demand, we are pleased that Bank-Verlag has made another date possible for this four-day certificate course.

From 19 to 22 November 2019, you will once again have the oppor­tunity to receive further training as an “Infor­mation Security Officer (ISB) for Credit Insti­tu­tions” on the premises of Bank-Verlag GmbH in Cologne.

Training by skilled experts

In cooper­ation with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Germany) the SRC experts Sandro Amendola, Florian Schumann and Dr. Deniz Ulucay will give lectures. In this course, the experts inform you compre­hen­sively about the norms and standards according to ISO and IT-Grund­schutz, as well as about all legal/regulatory require­ments relevant to you as an ISB. In addition, the topics IT Risks and Emergency Prevention as well as Business Conti­nuity Management are dealt with.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Credit Insti­tu­tions”.

Optionally, you have the oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne on 18 November 2019 prior to the event. This course deals with the basics, terms, encryption and IT security techniques in infor­mation technology.

NextGenPSD2 certification

NextGenPSD2 certi­fi­cation | SRC launches audits for XS2A

Are you ready to certify your NextGenPSD2 imple­men­tation?

The revised Payment Services Directive (PSD2) requires banks to allow autho­rized third parties access to customer data. These third party payment service providers (TPP) are to be granted access via a programming interface (XS2A) with the customer’s consent. With this data, TPPs will be able to offer innov­ative payment initi­ation and account infor­mation services. The NextGenPSD2 certi­fi­cation promotes the imple­men­tation of a uniform standard.

Most banks and API providers in Europe implement the XS2A interface using the NextGenPSD2 framework of the Berlin Group. This is an open and Europe-wide harmo­nized solution for imple­menting the PSD2 require­ments for the XS2A interface.

The correct implementation of the XS2A interface relieves the institute of having to implement a fallback interface solution. The NextGenPSD2 Implementation Support Program (NISP) offers the participants a testing framework with test concept, test case catalog, compliance best practices and test tool requirements. The implementing institute evaluates its own work. As a result, the implementation is completed. It remains to be seen if this self-assessment will be considered sufficient by the supervisory authority (NCA).

Why should you undergo the NextGenPSD2 certi­fi­cation?

The self-assessment of the NextGenPSD2 imple­men­tation already offers a high level of quality. However, different inter­pre­ta­tions of the speci­fi­cation can lead to inter­op­er­ability problems. There is currently no documented agreement between banks and third-party providers on the exact imple­men­tation of the XS2A interface. This increases the proba­bility that the respon­sible super­visory authority of the banks will refuse the exemption from the imple­men­tation of a fallback interface solution.

SRC has extensive and detailed expertise from its involvement in the speci­fi­cation and imple­men­tation of the XS2A interface as part of NISP. On this basis, we have developed the NextGenPSD2 certi­fi­cation for you.

How does the NextGenPSD2 certi­fi­cation process work?

Require­ments for the NextGenPSD2 certi­fi­cation are the test case catalogue, the imple­men­tation profile and the test speci­fi­cation of the imple­menting institute. SRC uses these require­ments to carry out a complete functional, security and perfor­mance audit of the NextGenPSD2 imple­men­tation.

Audit Validation

During validation, the imple­men­tation is reviewed with respect to the require­ments of the documen­tation.

Functional part

In the functional part, the test speci­fi­ca­tions are executed and the results are verified.

Non-functional part

In the non-functional part, the avail­ability of the imple­men­tation (stress test) is deter­mined and evaluated at relevant points.

Security test

In the security test, methods of penetration testing are used. It is evaluated if the imple­men­tation of the XS2A interface offers suffi­cient protection against fraud attempts on customer data and trans­ac­tions.

The certi­fi­cation is documented in a final report. If all require­ments are at least suffi­ciently fulfilled, the institute receives an SRC certificate. With this certificate, the conformity of the imple­mented XS2A interface can be demon­strated to third parties and the super­visory authority. Based on the first certi­fi­cation, regression audits can be carried out in the future.

SRC consulting services for development optimization or for creating the test specification can be used to prepare for the NextGenPSD2 certification.

Why SRC?

As a co-editor of the NextGenPSD2 Framework and the NISP Testing Framework, SRC has a deep under­standing of the NextGenPSD2 standards and all tasks associated with testing. In addition, SRC has many years of experience in devel­oping test environ­ments with many licensed auditors for multiple functional and security evalu­a­tions according to formal certi­fi­cation schemes. As a result, SRC is able to carry out a high-quality audit with manageable effort.

Are you inter­ested in NextGenPSD2 certi­fi­cation? Then please contact us at info@src-gmbh.de.

Transakt complies with the EBA RTS

SRC confirms that the mobile banking solution Transakt by Entersekt meets the PSD2 require­ments

Information Security Officer for Credit Institutions

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — November 6 to 9, 2018

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, avail­ability, authen­ticity and confi­den­tiality of data in their IT systems and processes. However, secure and efficient IT is also absolutely essential for the economic success of a credit insti­tution.

The new “Banking Supervisory Requirements for IT” (BAIT) formulate concrete expectations. Among other things, the Federal Financial Supervisory Authority (BaFin) has issued a guideline calling for the new function of the “Information Security Officer” to be set up. He or she controls the information security process and reports directly to management.

In cooper­ation with Bank-Verlag, SRC has already success­fully offered three certificate courses to become an “Infor­mation Security Officer (ISB) for credit insti­tu­tions”. After the great response and the continuing demand, we are pleased that the Bank-Verlag has made another date for this four-day certificate course possible.

From 6 to 9 November 2018, you will again have the oppor­tunity to receive further training in Cologne to become an “Infor­mation Security Officer (ISB) for credit insti­tu­tions”.

Teamed up with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Trinkaus & Burkhardt AG), the SRC experts Sandro Amendola, Florian Schumann and Randolf Skerka will give a lecture on the norms and standards according to ISO and IT-Grund­schutz, as well as on all legal/regulatory require­ments relevant to you as an ISB. In addition, the topics IT risks and emergency precau­tions as well as business conti­nuity management will be dealt with.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Banks”.

Optionally, you will have the oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne on 5 November 2018 prior to the event. This course deals with the basics, terms, encryption and IT security techniques in infor­mation technology.

CSCUBS 2018

SRC supports the 5th Computer Science Conference for University of Bonn Students — CSCUBS 2018

SRC is pleased to support the 5th Computer Science Conference for University of Bonn Students (CSCUBS 2018), which will take place on May 16, 2018.

Promotion of research and scien­tific exchange

CSCUBS 2018 is organised by PhD and Masters students. Its goal is the promotion of research in computer science, as well as the scien­tific exchange between students, researchers and practi­tioners. “The CSCUBS is an initiative from among the students that SRC gladly supports,” says Detlef Kraus, autho­rized signatory at SRC. “And especially the profes­sional exchange between research, practice and teaching is urgently needed if our society wants to meet the challenges of IT security with confi­dence,” Kraus continues.

Starting point for personal and profes­sional exchange

The 5th Computer Science Conference for Students of the University of Bonn (CSCUBS 2018) provides a platform for university projects, disser­ta­tions and results from research, devel­opment and practice in the field of computer science. The conference will take place on 16 May 2018 at the University of Bonn. SRC supports the event not only as a sponsor. We will also be present with a booth to offer a point of contact for personal and profes­sional exchange.

Presen­tation of a project result at CSCUBS 2018 included

SRC will also present one of its many projects at the CSCUBS. Practice often provides surprising research approaches and exciting insights. The CSCUBS is a welcome platform for SRC to present our work to an inter­ested, young and competent circle of experts and to exchange ideas. Perhaps the many discus­sions will also provide qualified starting points for using the expertise gathered at CSCUBS 2018 in joint project work.