Copyright 2019  


We are holding a 1-day course covering PAS 499:2019 Digital Identification And Authentication Compliance in Q2 2019.

It will be led by one of the authors of PAS 499:2019 so it will be a rare opportunity to hear from one of the subject matter experts!

Please find details in the flyer. If you have questions or want to register interest please email enquiries@fortiscyber.co.uk or message me directly through LinkedIn. Those on the interest list will be offered a reduced rate.




#authentication #authorization #governance #identities #GRC #Digitalidentification #PSD2 #OpenBanking #EntrustDatacard



Training Options to Fit Your Needs


1-Day PAS 499:2019 Digital Identification And Authentication Compliance Training

(Delivered In-Person)

Designed for mid- to senior-level professionals and executives, this in-person delivered short course enables you to identify, develop and plan effectively for the upcoming requirements in the provision of digital services for Strong Customer Authentication within PSD2.


PAS 499 is a code of conduct developed by the British Standards Institution that has been supported within the financial services industry by the Payment Systems Regulator (PSR), UK Finance and techUK, to name just a few. PAS 499 sets out recommendations for organisations to meet security, regulatory and usability requirements in the provision of digital services. In addition to PSD2, it builds on other recent legislative developments, ranging from the Electronic Identity, Authentication and Signatures Regulation (eIDAS) to the General Data Protection Regulation (GDPR).


The PAS is going to be published as a standard in April 2019 and the one-day course is a perfect opportunity for you to become aware of the level of governance changes and risk requirements it outlines affecting your organisation before it gets made public.


The training session will be delivered by one of the primary authors of the PAS 499 standard.

Over one day, you will learn the key points about digital identification and authentication in general terms, usability and regulatory requirements to assist in achieving PAS 499 compliance, and its accreditation scheme rules. This will include practical information that will enable you to manage auditor expectations, meet regulatory requirements, and leverage your company’s investment in existing internal controls in support of your governance, risk and compliance goals and objectives.


PAS 499 training covers the following concepts:


  • Identity Validation

  • Identity Proofing

  • Enrolment

  • Authentication

  • Delegated Authority and Authorization

  • Security and Usability

  • Authentication Risk Model


We will provide you with a wide variety of materials for the training session, including a notebook and a take-away reference workbook based on the PAS 499 compliance training content.


When?

Coming during Q2 2019! Register here to be part of the "Interest List"! Those on the interest list will be offered a reduced rate.


Interested but not quite certain?

We understand that the best laid plans can change, which is why Fortis Cyber Security Limited offers a generous cancellation and refund policy.


For in-person classroom training, you can receive a full refund when you cancel up to 21 days prior to the beginning of class.


Contact details: enquiries@fortiscyber.co.uk


Let us bring the session to you.

Email enquiries@fortiscyber.co.uk to discuss on-site or private in-house training.



It’s surprising to many that variants of the WannaCry ransomware are still effective at damaging business operations to this day. On Friday 3rd August there was an outbreak at TSMC (the Taiwan Semiconductor Manufacturing Co), the world's largest maker of semiconductors and processors, which manufactures chips for companies including Apple, Nvidia and AMD. “This virus outbreak occurred due to mis-operation during the software installation process by a supplier, which caused a virus to spread to the company’s computer systems,” TSMC officials wrote in a statement published on Sunday 5th August. This surely demonstrates that it’s still a very real and active threat.

The company stated that it expected the disruption to lower third-quarter revenue by as much as 3 percent. With the chipmaker previously forecasting revenue in the quarter to be between $8.45 billion and $8.55 billion, the hit could be as high as $256 million.

Companies like TSMC use the NIST (National Institute of Standards and Technology) Cybersecurity Framework to “protect” against and “detect” the presence of such outbreaks, subsequently using the “respond” and “recover” incident response plans to mitigate the compromise and recover business operations. A speedy and co-ordinated response will help to minimise damage and financial loss. By offering staff relevant training and rehearsing scenarios, your company is better equipped to deal more effectively with an outbreak.

Dealing with ransomware threats requires a multi-faceted approach:


Technical & Policy 

  • Back up your data and protect the backups.

  • Use strong anti-virus software.

  • Use a risk-based layering approach for your most precious assets and control code execution.

  • Application whitelisting is also an effective control to use here.

Technical, Process & Policy  

  • Keep updating your OS: install the Microsoft patches to protect the OS from the vulnerability that WannaCry exploits. This should be part of a mature threat and vulnerability management capability which includes patching. There are companies (like Fortis) offering this as a service if you don’t want the overhead.

People & Policy 

  • Don’t click on links in emails, WhatsApp, etc., or on websites you don’t trust.

  • Avoid opening email attachments from people or sources you don’t trust.

  • Use an accredited learning and development package for your staff which changes their behaviour and is not just a compliance tick-box exercise.

Technical for WannaCry

  • Disable SMB v1 (Microsoft Server Message Block 1.0) to prevent the spread, and apply the now infamous Microsoft Security Bulletin MS17-010 (rated Critical). Updating desktops is far simpler than updating servers, so bear this in mind.

Technical & Policy

  • Filter web traffic to help protect users from downloading the malware by mistake via websites.
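As an added example (not part of the original post or a Fortis tool), the following PowerShell audits a Windows host for the SMB v1 exposure described above and disables it, with a `-WhatIf` dry run so the change can be reviewed first. It assumes Windows 8.1 / Server 2012 R2 or later (where `Get-SmbServerConfiguration` and the `SMB1Protocol` optional feature exist), an elevated session, and a placeholder hotfix ID, since the KB number for MS17-010 differs per OS build.

```powershell
# Added example: audit and remediate SMB v1 on a Windows host. Run elevated.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder: substitute the MS17-010 KB number for this OS build.
    [string]$Ms17010HotfixId = 'KB-PLACEHOLDER-MS17-010'
)

function Get-Smb1Status {
    # Server-side SMB1 switch: the listener WannaCry's worm component spreads through.
    $server  = Get-SmbServerConfiguration
    # Optional feature holding the SMB1 client/server binaries.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        Smb1ServerEnabled  = $server.EnableSMB1Protocol
        Smb1FeatureState   = if ($feature) { $feature.State } else { 'NotPresent' }
        Ms17010HotfixFound = [bool](Get-HotFix -Id $Ms17010HotfixId -ErrorAction SilentlyContinue)
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMB v1 server protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove SMB1Protocol optional feature')) {
        # -NoRestart: schedule the reboot yourself (servers need a change window).
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

$before = Get-Smb1Status
$before | Format-List

if ($before.Smb1ServerEnabled -or $before.Smb1FeatureState -eq 'Enabled') {
    Disable-Smb1
    Get-Smb1Status | Format-List   # show the post-change state
}
if (-not $before.Ms17010HotfixFound) {
    Write-Warning "Hotfix $Ms17010HotfixId not found; confirm the MS17-010 update for this build is installed."
}
```

Run the script with `-WhatIf` first to see which changes it would make; a reboot is still required after removing the optional feature.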

There are some great resources for organisations which will help them to identify and quantify risk, in financial terms, ensuring that “the business” can make an informed decision about priority and budgeting.

What is the likelihood of this happening to your organisation and what would be the financial impact in the event of a successful ransomware attack? If the quantifiable risk is higher than your company’s risk appetite, then the advice would be to prioritise the increase of preventative/protect measures internally or look to an external party to provide a solution for you. At Fortis this is what we are experts at.

Further information: 

Many thanks to Matthew Waters and Charles Vaughan for their honest feedback whilst reviewing this piece. 

The best of luck,

-Matt Leonards

Keywords: #informationsecurity #ciso #cyber #cybersecurity #nist #ransomware #wannacry #ncsc
