Our training course schedule kicks off again in June and we have recently formally launched our RoC Review Service.
Level 4 Merchants continue to struggle, as do the acquiring banks that are trying to manage them and fraud statistics have shown a year on year rise. Something isn't working. At ISSAwe are lobbying hard to ensure the government takes Cyber Security Skills seriously and arm the next generation with sufficient weaponry and know-how to help defend against the growing cyber-threat from terrorists and state actors alike.
I hope you enjoy the newsletter – any feedback would be more than welcome – please feel free to get in touch.Stay secure!
Tim
Tim Holman
CEO 2-sec
President ISSA-UK
Choosing the right QSA
It is well known there is a low barrier of entry for a security company to become a certified QSA Company (QSAC). As long as a reasonable amount of security experience can be documented and an annual fee paid, the resultant QSA examinations are trivial to pass. This unfortunately leads to a market that is awash with inexperienced auditors, that have made some very expensive decisions on behalf of entities whom have had to demonstrate validation against the standard. We would recommend you consider the following starting points prior to engaging a QSAC… read more here.
Between a RoC and a hard place?
A Report on Compliance (RoC) is an EXTREMELY IMPORTANT piece of paper. By signing the Attestation of Compliance, an Officer of your Company has just confirmed that everything within the RoC is valid, including the scope. The onus is not on the QSA to confirm your environment is compliant, it is on the Company Officer to confirm that everything the QSA has said is accurate. As most Company Officers are not security experts, then is it even appropriate that they sign it off in the first place? You only need to look at the data breaches of TJ Maxx, Heartland, Sony Entertainment et al to realise the QSA is never found culpable should things go wrong. Read more here.
2-sec Training Courses
Advanced PCI DSS Training Course
June 13-14 2013 London, UK – LAST REMAINING PLACES
June 21 2013, London, UK
September 17 2013, London, UK
November 8 2013, London, UKWe have recently launched a series of Incident Response Planning courses, led by Adrian Wright, ISSA-UK VP of Research, CEO at Secoda and past CISO of Reuters. With over 20 years experience of managing corporate information security and risk, Adrian brings real-life experience of critical security incidents to the table. Delegates will learn how to plan for, and deal with incidents when they happen. The course is suited both to security best practice and of course those responsible for PCI DSS Section 12.9 (Incident Response Plan). For further information, please click here.
June 27 2013, London, UK
September 19 2013, London, UK
November 2013, London, UKAs part of our mission to improve knowledge transfer and make it available to all, we have developed a one day training workshop in Cyber Threat Awareness for Executives. Click here for further information.
Upcoming Events
With April and Infosec out of the way, May looks to be a quiet month for events, but here is our pick of events over the next few weeks.
16 May, Bristol – ISSA-UK Regional Event
17 May, Sussex – Community Golf Challenge
4-5 June, London – Information Security and Cyber Crime Summit
13 June, London – ISSA-UK London Chapter Meeting
PCI Professionals LinkedIn Group
Mad for PCI? Can't get enough? With 
almost 800 members our LinkedIN group is going strong. Click here to join.