
Data Breaches – Compulsory Disclosure?

EU Justice Minister Viviane Reding has recently announced that she is formulating a policy that would require any business trading in the EU, or targeting EU residents, to notify its customers and the regulatory authorities if it suffers a data breach. The intention is to ensure that all businesses handling sensitive data take their obligations seriously.

This action follows the recent spate of attacks on some high-profile organisations, in which millions of personal data records were compromised.

Following the introduction of the EU e-privacy directive on 26th May 2011, telecoms and Internet Service Providers are already subject to mandatory data breach disclosure, and the Minister is now seeking to widen these powers to include all sectors.

The legislation has the power to impose penalties and legal sanctions for any infringement, and it is expected that these strong 'incentives' will encourage businesses to conduct serious risk assessments regarding their storage of sensitive personal data, and to implement appropriate security measures to protect the confidentiality and integrity of this information.

It should also be noted that the UK Information Commissioner has regulatory powers to investigate and penalise in cases of deliberate and persistent misconduct.

With all of the increasing media and regulatory interest in data security, how does a business go about protecting its key assets, particularly customer databases, and avoid a data breach?

How can Sysnet Global Solutions help?
Sysnet offers a Security Assessment service, which provides a unique and flexible approach encompassing Incident Response, Audit, Computer Forensics and Penetration testing.

The assessment will be tailored to the individual needs of the business, and can include reviews of encryption, wireless networking, portable device security, contingency plans, security awareness, system configuration and premises vulnerabilities.

If a business takes card payments, it will fall under the requirements of the Payment Card Industry Data Security Standard (PCI DSS). However, the Sysnet Security Assessment service goes into far more detail, so that the customer can feel confident that they are in control of their security position.

Additionally, Sysnet offer an on-demand computer incident response service, whereby in the event of an incident Sysnet can be on call, ready to provide advice and visit the affected site to help contain the incident, offer guidance and, if required, conduct a forensic investigation. This service is pre-arranged and also includes an initial visit to the site to help highlight security vulnerabilities and offer remediation planning to overcome these weaknesses.

Whilst no business can be wholly safe from a data incident, by following the guidance given by the Sysnet CFS team, businesses can not only reduce their exposure to such an attack, but also be in a far better position to respond in a positive and speedy manner, ensuring continuance of trading and minimising brand and reputational damage.

Another key area is the storage of unencrypted card data. Under PCI DSS, all card data should be securely deleted from computer systems or, if deemed necessary for operational requirements, stored in a suitable encrypted format. In all too many cases, when a forensic investigation is undertaken following a data breach, card information is found in clear text.

This can be due to a number of circumstances: forgotten databases, legacy systems deemed out of scope for PCI accreditation, or back-up files converting encrypted information into readable format. Whatever the reason, storing unencrypted data heightens the risk and invalidates any PCI compliance certification.

To mitigate operating with such a vulnerability, Sysnet are able to offer their Cardholder Data Discovery Service, which can scan servers, PCs and storage media for unencrypted card numbers. Once the scan has been completed, and if any residual information has been identified, we can safely erase the data, help prevent it from being stored again or, if preferred, give guidance as to how the records can be held securely to conform to PCI DSS.

Sysnet bring the pragmatic mindset of a forensic investigator together with knowledge of real world hacking to give you the edge in security management. For more information please contact us by calling 0844 562 3147 (UK) or +353 (0)1 495 1300 (Rest of the World) or by completing our Online Enquiry Form or Request a Call Back Form.
