Blog, Risk & Assurance

Safe Harbour agreement ruled invalid – Part 2

Last week we posted about the recent ruling by the European Court of Justice that deemed the Safe Harbour framework, in place to protect the security of European citizens’ data held in the US, invalid. Amid the current environment of mass surveillance, brought to light by the revelations of Edward Snowden, MEPs supported by […]

Brochures, Risk & Assurance

Risk & Assurance – Brochure

Sysnet is a true global market leader in Cyber Security Risk and Assurance, providing a comprehensive range of information security consultancy and assurance services in over 48 countries. Sysnet helps some of the largest global organisations to protect their business. We count brand names such as Walmart, The AA, AXA Insurance, Direct Line Group, Bloomberg, […]

Blog, Risk & Assurance

Safe Harbour agreement ruled invalid – Part 1

On Tuesday 6 October, the European Court of Justice ruled that the Safe Harbour agreement designed to ensure the security of EU citizens’ data was invalid. This is a judgement with far-reaching consequences for businesses on both sides of the Atlantic. The Safe Harbour agreement […]

Blog, Risk & Assurance

The truth about cybersecurity

by Dr. Grigorios Fragkos, VP Cybersecurity

Many articles have been written about cybersecurity; most have focused on the broad meaning of the term and in some cases have treated cybersecurity as an off-the-shelf product. The truth is that cybersecurity is more complicated than that. In this article, we will discuss some of the reasons […]

Blog, Risk & Assurance

Make sure you patch and update your systems

by Dr. Grigorios Fragkos, VP CyberSecurity

It is strongly suggested you verify that the web browsers you are using have been updated to the latest version and, if you have Adobe Flash Player installed on your system, make sure you have downloaded the latest version from the official URL: https://get.adobe.com/flashplayer/. In order to […]

Blog, Risk & Assurance

OpenSSL Vulnerability and its impact

On June 11th 2015, an updated version of OpenSSL was released. However, it was disclosed yesterday that it contained a serious certificate validation error. Luckily, the vulnerability was discovered quickly enough (two weeks ago) and once it was made public, a patch was also made available. To read more on the OpenSSL Vulnerability please […]

Blog, Risk & Assurance

Ecommerce Security and PCI DSS compliance – Encouraging security awareness, Part 2

by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division

In part 1 last week, I discussed how businesses may be putting themselves at risk by assuming that ‘PCI DSS compliant’ also meant secure (for part 1 please click here). Maybe what we should be doing is encouraging businesses to focus less on compliance as […]

Blog, Risk & Assurance

Ecommerce Security and PCI DSS compliance – A broader perspective on security, Part 1

by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division

Ecommerce merchants are encouraged to reduce the risk of payment card data compromises in their online trading by outsourcing the acceptance and processing of cardholder data to validated PCI DSS compliant service providers. The simplest and cheapest option for small ecommerce merchants is to […]

Blog, Risk & Assurance

Achieving compliance through security

by Anne Wood, Quality Service Delivery Manager

Since the introduction of PCI DSS, acquirers and card brands have placed increasing pressure on merchants to report compliance with the standard. Compliance in itself is often seen as a check-box exercise, and with self-assessment based reporting for a majority of organisations, there is a risk that this […]

Articles, Blog, Risk & Assurance

Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

It is not the first time a military term has been used by the Information Security community to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up […]

Blog, Risk & Assurance

Legacy systems and data could be risking merchant compliance

by Natasja Bolton, Managing Information Security Consultant

At Sysnet we often find that merchants are prepared to make changes to reduce the complexity or risk in how they handle and process cardholder data. They’ll consider new solutions to reduce their assessment scope or minimise their exposure to cardholder data, for example, outsourcing card handling to […]

Blog, Risk & Assurance

The LogJam attack vulnerability – what you need to know

The Logjam attack, a vulnerability that affects a number of major protocols, has been discovered. The bug relates to a weakness within a cryptographic algorithm that is used in most protocols (such as HTTPS, SSH, IPsec, SMTPS, etc.); it is possible for a Man-in-the-Middle (MitM) attacker to read and modify any data passed over the affected encrypted communication. […]

Blog, Risk & Assurance

The VENOM Vulnerability and its impact

The VENOM Vulnerability, a recently discovered critical flaw in QEMU’s virtual Floppy Disk Controller (FDC), affects numerous virtualisation platforms and appliances such as Xen, KVM, and the native QEMU. As far as we know, to date, it does not impact the VMware, Microsoft Hyper-V, and Bochs hypervisors. The bug’s name is an acronym […]

Blog, Risk & Assurance

Merchant breach protection – minimising the impact in the event of an account data compromise

by Jason McWhirr, Information Security Consultant, Consulting Services

Sysnet’s QSA community has observed that in recent months merchants have become bolder in challenging why compliance with the Payment Card Industry Data Security Standard (PCI DSS) is necessary for their business; challenging what they see as a costly and time-consuming imposition when they believe there is […]

Articles, Blog, Risk & Assurance

EU Data Protection Regulation

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

The globalisation of data and the enormous technological developments of the last decade raise a number of new challenges when it comes to data protection and privacy. Current privacy legislation has not yet caught up with the technology boom when it comes to personal data, and […]

Blog, FDUS - Associates, FDUS - Managers, Risk & Assurance, Videos

10 common myths about the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard and its requirements can sometimes be misinterpreted and can seem complex, especially for smaller businesses. In the following video, ‘10 common myths about the Payment Card Industry Data Security Standard’, we dispel some of the common myths concerning PCI DSS.

Blog, FDUS - Associates, FDUS - Managers, Risk & Assurance, Videos

What’s the real cost of a data breach?

Research shows that the cost of non-compliance with the PCI DSS can be two and a half times more expensive than protecting your customers’ data. Small merchants are often not safer than larger ones; in fact, they are more likely to be targeted by data thieves due to not investing in the necessary resources. […]

Blog, Risk & Assurance, Whitepapers

What is PCI DSS?

Natasja Bolton, Consulting Manager

Founded in December 2004 by 5 major card brands – Visa, Mastercard, American Express, Discover and JCB – the Payment Card Industry Data Security Standard, or PCI DSS for short, is a compliance standard that defines data security requirements relating to the processing, storage or transmission of cardholder data. In 2006, the card […]
