Paytech vinh dự đón nhận chứng chỉ tiêu chuẩn bảo mật dữ liệu thẻ Quốc tế PCI DSS
17 Mar

Ngày 17/2/2022, Paytech đã vinh dự đón nhận chứng chỉ PCI DSSC level III, đây là chứng chỉ cam kết mức độ bảo mật cao nhất cho thông tin thẻ thanh toán của khách hàng và dữ liệu đối tác của Paytech.

Chứng chỉ được cấp bởi Công ty CMC Cyber Security thuộc Tập đoàn Công nghệ CMC – đơn vị tư vấn, đánh giá và cấp chứng chỉ bảo mật dữ liệu thẻ Quốc tế. CMC Cyber Security cũng là doanh nghiệp đầu tiên có giấy phép kinh doanh sản phẩm, dịch vụ an toàn thông tin mạng tại Việt Nam. Việc đạt được chứng an ninh bảo mật dữ liệu thẻ Quốc tế là một yếu tố quan trọng trong việc khẳng định cam kết của Paytech về đảm bảo an toàn thông tin cho khách hàng, đối tác và các bên liên quan.

Paytech-nhận chứng chỉ PCI-DSS levell III
Paytech-nhận chứng chỉ PCI-DSS levell III

Tham gia chương trình có sự góp mặt của:
Về phía CMC Cyber Security:
1. Anh Hà Thế Phương – Tổng Giám đốc
2. Anh Nguyễn Ngọc Tân – Chuyên gia tư vấn PCI DSS
3. Anh Nguyễn Văn Sơn – TP.KD Giải pháp bảo mật

Về phía Paytech
1. Anh Ngô Minh Thắng – TGĐ Công ty cổ phần PayTech
2. Anh Nguyễn Hoàng Minh – Trưởng phòng PTSP và phụ trách kỹ thuật PayTech
3. Anh Đỗ Văn Thịnh – PP Giải pháp – Hạ tầng

Paytech-nhận chứng chỉ PCI-DSS
Paytech-nhận chứng chỉ PCI-DSS

 

PCI DSS viết tắt cho Payment Card Industry Data Security Standard là một tiêu chuẩn an ninh thông tin bắt buộc dành cho các doanh nghiệp lưu trữ, truyền tải và xử lý thẻ thanh toán quản lý bởi 05 tổ chức thanh toán quốc tế như Visa, MasterCard, American Express, Discover và JCB. PCI DSS là một tiêu chuẩn được các tổ chức thanh toán quốc tế nêu trên ủy quyền quản lý cho Hội đồng Bảo mật dữ liệu thẻ thanh toán PCI SSC (Payment Card Industry Security Standard Council).
Tiêu chuẩn này được phát triển nhằm mục đích gia tăng kiểm soát đối với dữ liệu chủ thẻ và hạn chế sự gian lận, trộm cắp dữ liệu thẻ thanh toán. Chứng chỉ sẽ có hiệu lực trong một năm, và các doanh nghiệp phải thực hiện tái đánh giá định kỳ. Các doanh nghiệp xử lý số lượng giao dịch lớn sẽ lựa chọn hình thức thuê chuyên gia đánh giá (Qualified Security Assessor – QSA) bên ngoài thực hiện thẩm định và xuất bản báo cáo tuân thủ (Report on Compliance – RoC) trong khi các doanh nghiệp xử lý số lượng giao dịch nhỏ hơn sẽ phải hoàn tất bảng câu hỏi tự đánh giá (Self-Assessment Questionaire – SAQ).

Mô hình chứng chỉ PCI-DSS
Mô hình chứng chỉ PCI-DSS

Cũng tại buổi lễ trao chứng nhận, Ông Hà Thế Phương – Giám đốc dự án kiêm PCI QSA – Công ty CMC Cyber Security chúc mừng Paytech nhận được chứng chỉ về an ninh bảo mật thẻ Quốc tế với nhiều thử thách. Ông Phương cho biết: “Với sự chuyên nghiệp và chuẩn bị kỹ lưỡng, đây là dự án có tốc độ triển khai nhanh nhất từ trước tới giờ của CMC Cyber Security. Đạt được chứng chỉ PCI trong năm đầu tiên là bước bắt đầu thuận lợi để Paytech có thể phát triển mạnh mẽ hơn nữa trong thời gian tới. Chúc cho mối quan hệ hợp tác giữa Paytech và CMC Cyber Security ngày càng bền chặt và toàn diện hơn”

Việc sở hữu chứng chỉ tầm quốc tế PCI DSS một lần nữa khẳng định cam kết của Paytech trong việc cung cấp cho khách hàng, đối tác và các bên liên quan về những sản phẩm, dịch vụ thẻ đảm bảo tính an ninh, an toàn tuyệt đối.. Đây là tiền đề để khách hàng tin tưởng sử dụng giải phát của Paytech, là cơ sở để Paytech tiếp tục nỗ lực trong việc phát triển sản phẩm tốt và phục vụ được nhiều khách hàng hơn nữa.

Tọa đàm trực tuyến cùng chuyên gia: Đầu năm con trâu nói chuyện con công nghệ
19 Feb

This is a meeting where leading technology experts from CMC Group update the technology trends that continue to flourish in 2021 and solve the easy problems encountered in the transition process of FSI enterprises. (Finance-Banking-Insurance), Logistic, E-commerce as well as SMEs (SMEs).

The impact of the Covid-19 epidemic in 2020 has led to a rapid shift of most business models to remote work that has caused an explosion in mobile devices, automation of AI power. (artificial intelligence), automated robots and industrial IoT (Internet of Things) platform. This has facilitated the "cloud" to take place at a stronger speed to help businesses accelerate their transition. It can be said that the pandemic has created a boost for the cloud computing market to develop with a growth rate of 40% - According to Mr. Nguyen Khac Lich, Deputy Director of Information Security Department (Ministry of Information and The media).

With the desire to help Vietnamese businesses build a suitable digital transformation roadmap and timely grasp technology trends in the new phase, the New Year's Story online seminar with the theme "Buffalo year Talk about technology ”will update the technology trends that continue to flourish in 2021 and solve easy encountered difficulties in the business transformation process. All will be shared by leading technology experts from CMC Group to bring the most practical digital transformation stories in FSI (Finance-Banking-Insurance), Logistic, E-commerce as well as SMEs (small and medium enterprises).

The seminar at the beginning of this year will have the participation of senior technology experts from CMC corporation including:

In the Telecom sector, there is Mr. Le Anh Vu - Creative Director of CMC Telecom

In the Security segment, there is Mr. Ha The Phuong - Deputy General Director of CMC Cyber Security

In the R&D segment, there are Mr. Dang Minh Tuan - Vietkey's father, Director of CMC Institute of Technology Application Research (CIST).

Discussing "hot" and online will give you an overview of technology trends that have been storming in 2020 and continue to grow, having a great impact on your business. in 2021. Here, the technology experts of CMC Group will answer the problem of building self-recovery capacity of Vietnamese enterprises in a new normal state; how to successfully apply new technology platforms to promote the development of businesses in the sectors of FSI, Logistic, E-commerce; What formula for SMEs (small and medium enterprises) to promote intrinsic strength to rise up in 2021.

In addition, in this February, we also open a portal of direct consultation with leading experts of CMC Group to help leaders, IT administrators easily share the problems that your business is facing. must face to face. Thereby, one can find the most suitable solution and be ready to make a breakthrough in 2021. Registration portal to connect with CMC experts here.

Watch the seminar at youtube's channel CMC Telecom at 09:30 on February 24, 2021.

 

CMC Cyber Security ra mắt phần mềm Hệ thống điều phối phản ứng bảo đảm An toàn thông tin tự động CMC (CSOAR)
12 Oct

Recently, CMC Cyber Security Company has just launched "CMC Security Orchestration Automation & Response (CSOAR) Automatic Response Coordination System". It is a solution that gathers information about security threats from a variety of sources and performs low-level troubleshooting without humans. This solution helps increase the efficiency in operating the organization's security with:

  • Supports integration with Threat Intelligence source and information security products.
  • Support virtual appliance form to deploy virtual appliance on premise
  • Automatically generate alerts on information security events of the system and provide handling plans for the events.
  • Building a handling process in line with the customer's system, helping customers to manage the system's problems effectively, easily to scale.
  • Speed up Triage and reduce the time and resources required to perform a threat investigation

General feature

Configuration administration:

  • Minimum authentication support via: LDAP, SAML.
  • Support creating users and user groups
  • Providing centralized management system through Web UI interface with Dashboard Portal system
  • Ability to define access rights according to the troubleshooting role
  • Ability to split license using feature, modularization includes data privacy breach module and Privacy module to guide data loss handling (eg GDPR ...)
  • Assists the administrator in defining a feature-based access role and easily managed partition including restricting access to specific functions, scope of troubleshooting
  • Support automatic update and update via direct installation package
  • Supporting Web UI management interface with Dashboard Portal system ensures the functions of managing, analyzing, publishing reports ... This portal is also responsible for providing news feed for management and monitor the troubleshooting progress, detail the processing progress according to each administrator's action
  • Integrating with CMC Dashboard Portal displays a variety of components for administration, information monitoring and can be customized according to usage purposes.
  • Providing a centralized application store that allows downloading of 3rd party applications installed directly on SOAR; supports popular applications such as: McAfee, Cisco, Code42, Carbon black, Redhat Ansible, Crowdstrike ...
  • Ability to maintain database and troubleshooting history, allowing administrators to search for processed information according to each issue
  • Ability to import and export configuration

Handling incident response

  • Ability to guide data loss handling according to data protection laws of each geographic region, country
  • Ability to integrate 2-way with SIEM to help flexibility and efficiency in SOC handling
  • Allows creating problems by receiving emails, automatically filtering information in emails
  • Ability to automatically extract information from an email attachment and attach it to a pending issue
  • Provides a manual troubleshooting and crash creation interface through API, Web URL, SIEM, ticket system and creation interface, custom graphical workflow, easy drag and drop, based on BPMN - Business Process Model Notation with Dashboard Portal system integration
  • Allows the organization to simulate incidents, test response plans, and enable the organization to detect errors to correct before the problem actually occurs
  • Allows writing scripts on the interface to support writing automation modules and modules
  • Ability to test scripts and debug to detect errors before actual execution
  • Ability to combine playbooks including processing steps, processing stages to guide users in responding to attack situations

Correlation of analytical information

  • Support available to create evidence for the incident
  • Support decentralized, delegated on each step of troubleshooting
  • Support creating Wiki pages, allowing organizations to add important information, manuals, reference information.
  • Support for correlation analysis engine to show relationships between incidents with the same evidence
  • Support displaying the trend of incidents and threats
  • Supports periodic updating of intelligence from multiple sources for the incident evidence
  • Support the ability to trigger actions for third party systems, related to problem handling
  • Supports correlation of intelligence from multiple sources including 3rd parties. These intelligence are automatically updated periodically.
  • Support automatically navigating the troubleshooting according to the information entered, the playbooks automatically apply to different types of attacks
  • Provides the ability to link incidents using evidence of attack
  • Support available at least 5 intelligence sources to assist with information enrichment
  • Support for fault correlation interfaces via IOC
  • Allows users to perform troubleshooting steps immediately on the admin interface

Export report

  • Provide built-in reporting templates, allowing to report incident information, for many recipients with different levels of details.

 

CMC Cyber Security có thêm kỹ sư đạt chứng chỉ bảo mật thế giới OSCP
27 Jul

Recently, CMC Cyber Security Company has just added an Offensive Security Certified Professional - OSCP engineer. This is one of the most prestigious information security assessment certificates in the world.

OSCP is a certification program that focuses on security testing and attack skills. It consists of 2 parts: a 24-hour pentest test. Test results must then be written into a report in English, assessed within 7 days before the results are officially released.

The OSCP certification is in the top 5 of desirable penetration and testing certificates for security professionals and is one of the more demanding practice exams. At the exam, engineers must demonstrate the ability to research the network system, detect security gaps or weaknesses in the application system, thereby helping experts assess the level of risk as well as build building response and troubleshooting methods. It can be said that the most important assessment in the exam is sharp thinking and execution skills under great pressure.

Mr. Ha The Phuong - Deputy General Director of CMC Cyber Security Company said: “In order to provide security assessment services of international standards, the company always focuses on enhancing the level and capacity of engineers. At the same time, CMC Cyber Security also always encourages and supports engineers to participate in competitions to gain the world's most prestigious and valuable certificates ".

CMC Cyber Security is a unit with more than 10 years of experience in providing professional information security assessment services with many projects for large customers, the company's engineers achieve OSCP certification. practical complement to the quality of critical information systems assessment at both the national and international level.

This is also the clearest proof of the capacity and qualifications of the team of information security engineers of CMC Cyber Security, helping customers feel more secure about the quality of information security assessment services that the company is doing. provided.

VNISA trao giải Sản phẩm an toàn thông tin mới xuất sắc 2018 cho CMC Infosec
10 Sep

VNISA has just awarded the title of information security products and services in 2018 to CMC Infosec with 3 prizes including: High-quality security products, typical security services and excellent new information security products 2018.

VNISA awarded the title of information security products and services in 2018 to businesses.

Organized under the auspices of the Ministry of Information and Communications, the program voted "High-quality Information Security (ATTT)" and "Typical Information Security Services" as an annual activity organized by the Vietnam Association of Information Security (VNISA) ) implemented since 2015 to evaluate, recognize and honor good quality ATTT products and services. The event was held at the International Conference on Vietnam Information Safety Day 2018. The new feature of this year's program is that the Voting Council unanimously assess and propose the certification of the title "Newly released ATTT product". identity ”to encourage new and highly innovative security food products.

At the ceremony of announcing and awarding the voting title on the morning of November 30, 2018, Mr. Vu Lam Bang, Director of CMC Infosec Product Research & Development Center, represented by CMC Infosec Company, received all 3 awards: high-quality security products "," Typical Security Services "and" Excellent New Security Products "2018.

The titles of "High-quality Security Products 2018" and "Typical Security Services 2018" are evaluated and voted according to the main criteria including application demand and efficiency, technology, product quality and market. and support services, market dominance. Two anti-malware solutions for CMC Internet Security Enterprise (CISE) and CMC Infosec penetration testing service have been awarded these two titles. In particular, CISE solution is integrated with Artificial Intelligence (Artificial Intelligence) to detect abnormalities, analyze and identify behavior of malicious code, which is a solution being researched and developed by CMC Infosec.

Notably, the new point of this year's voting program is adding the title "Excellent New Security Product" to encourage new and highly innovative security products. Right in the first year of the award, CMC NextGen SOC's new generation Information Security Management Center received the title. SOC (Security Operation Center) is a center in an internal system that monitors, detects, quarantines and solves incidents and is responsible for the security and safety of network devices and equipment. security, servers or workstations. CMC NextGen SOC is a perfect combination of 3 elements: Technology - Process - People to monitor, detect, automatically react to all information security incidents, with outstanding technology combined. AI - Machine Learning and Automation, allowing early detection of abnormal signs. All technologies and processes of CMC SOC are developed and operated by Vietnamese engineers of CMC Infosec.

This year, the members of the Voting Council are all reputable managers and experts from a number of large agencies, organizations and enterprises operating in the field of security, such as the Ministry of Internet Warfare Command. National Defense, Department of Civil Cryptography Management and Cryptographic Product Testing of the Government Cipher Committee, Vietnam Computer Emergency Response Team (VNCERT) of the Ministry of Information and Communications ... Mr. Vu Quoc Thanh, Vice President of VNISA emphasized: “This year's program of the Vietnam Information Security Association selects complete products and services with high quality features on information security, security and origin from Vietnam. owned and owned by Vietnamese enterprises and organizations. This year we have an additional category of Excellent New Security Products because this field in Vietnam is quite new, products may be in the stage of not yet on the market but need to be encouraged to develop. , appropriate investment. In this category, the CMC SOC solution of CMC Infosec has been rated as good and quality by the Council of Votes, so it is promoted in Vietnam market.

Mr. Vu Lam Bang, Director of CMC Infosec Product Research & Development Center, shared at the event: “This year, the organizers have a new prize for differentiated and pioneering products. The first company in Vietnam built its own Center for Information Security Management from start to finish, not procuring technology from either party. Currently CMC SOC of CMC Infosec is also highly appreciated by foreign units. ”

CMC Infosec was established in 2008 with the mission of developing information security products and services for individual and corporate customers, anti-malware solutions and information security services. With a staff of 70 people, bringing together more than 45 leading security and IT engineers, a team of engineers and experts with international qualifications and security certifications such as PCI QSA, ISO 27001 Lead Auditor, CEH ... and experienced in handling a lot of major information security incidents in Vietnam, 100% of products and solutions provided to the market by CMC Infosec are researched and developed by Vietnamese people themselves. , flexible and tailored to the needs of a wide range of customers from the Government, finance, businesses to individual users. CMC Infosec is currently the only Vietnamese member of Asian Association of Malware Researchers (AVAR) and International Computer Security Alliance (ICSA), all products and services provided by CMC Infosec All are rigorously tested to international standards and receive the support of security experts from these prestigious organizations.

Sau Viettel và Bkav, Bộ TT&TT công nhận giải pháp chống mã độc của CMC, Veramine đáp ứng yêu cầu kỹ thuật
10 Sep

The list of anti-malware products meeting the technical requirements under the Prime Minister's Directive 14 has just been added with two solutions of CMC and Veramine. Previously, there were two solutions of Bkav and Viettel that were evaluated and recognized by the Ministry of Information and Communications.

Centralized anti-malware solution CMC Malware Detection and Defense is one of two new products added to the List of anti-malware products that meet the technical requirements under Directive 14 (Artwork: cmc.com.vn)

The Ministry of Information and Communications has just updated the List of anti-malware products that meet the technical requirements under the Prime Minister's Directive 14 May 25, 2018, to improve the capacity to prevent and fight against malicious software ( referred to as malicious code).

Accordingly, there are 2 anti-malware products of 2 businesses that have been evaluated and added to the above list by the Ministry of Information and Communications, including: centralized anti-malware solution CMC Malware Detection and Defense (CMDD) of CMC Cyber Security and Security Limited (CMC Cyber Security) and Veramine Advanced Endpoint Security Suite (VAESS), an active detection, response and defense suite of threats on points end in the network system (including servers, workstations) of Veramine Company.

Earlier this year, the Ministry of Information and Communications assessed and recognized two anti-malware products to meet technical requirements under the Prime Minister's Directive 14, including: overall solutions to prevent viruses for human Bkav Endpoint AI of Bkav antivirus software joint stock company; solutions to detect and prevent intentional attacks Endpoint (Viettel Endpoint Detection & Response - VEDR) of Viettel Network Security Company of Viettel Group.

The anti-malware products of Viettel, Bkav, CMC and Veramine have been assessed and certified by the Ministry of Information and Communications to meet the technical requirements under Directive 14, which are products and solutions that meet the specified criteria. at the Prime Minister's Directive 14 on improving malware prevention and control capabilities, which are: having a function to allow centralized management; 24/7 technical support and solutions, able to react promptly in detecting, analyzing and removing malware; can share malware information and statistical data with the technical system of competent authorities, comply with standards, technical regulations and professional guidance of the Ministry of Information and Communications.

With CMC Malware Detection and Defense, one of the two new anti-malware products added to the List, CMC said that this solution was developed on the basis of CMC Internet Security Enterprise (CISE) and is a solution. support agencies and organizations to detect and defend against the threat of malicious code deployed on workstations with centralized monitoring system. Specifically, the solution has outstanding features such as: shielding the protection of personal computers safely from the risk of attacks from malicious code; monitor abnormal activities that may cause harm on computers; detect vulnerabilities, malware and dangerous connections.

At the same time, the active monitoring system from CMC Cyber Security allows to identify and immediately identify risks to customers; support and rescue services to minimize risks to customers when attacks occur; provide information security status reports to customers quickly, promptly and completely.

As for Veramine Advanced Endpoint Security Suite (VAESS) from Veramine, information from Cyberlab - the distributor of this solution in Vietnam, says VAESS has the ability to collect diverse information from the core level. The operating system reaches user sessions to identify any suspicious behavior on endpoints.

The suite of solutions also uses a variety of flexible mechanisms to respond to detected abnormal behavior such as interrupting, pausing processes, sessions or quarantining an endpoint, a process from a connection. network; carry out active defense by creating a trap system for malicious code and hackers on endpoints in order to monitor and prevent the activities of hackers and malicious code on these endpoints.

In addition, VAESS ensures the ability to provide sufficient evidence during the forensics process, as well as adds other advanced features to combat internal threats such as people management. user, data and peripherals.

In particular, VAESS supports a variety of platforms including Windows versions, Linux distributions and will soon be supported on MacOS.

Giải bài toán xây dựng Trung tâm điều hành An ninh mạng cho khối Ngân hàng
10 Sep

Network Security Operations Center (SOC) is a "not strange but still new" concept to agencies and organizations in Vietnam, especially the banking sector. So what is the approach to build an effective SOC, consistent with the process of digital development of Vietnamese Banks?
Network Security Control Center (SOC) - "not strange but still new"

In developed countries in the region such as Japan, Singapore, Hong Kong ... the construction and operation of SOC in order to comprehensively control and improve the defenses of IT systems of organizations have been paid much attention. Since 2004, SOC has now become an integral part of all activities of government organizations, multinational corporations and large banks. According to Gartner's report, by the end of 2019, there will be about 50% of large Asian corporations to implement security management activities through SOC.

Grasping this trend and indispensable demand, from the last 2 years, Vietnamese banks have planned to develop SOC. However, the "not strange" with the concept of SOC can not confirm that the bank is "used to" and knows how to operate a complete SOC. In fact, banks have encountered a number of problems.

Firstly, in terms of technology, some banks have initially invested in network security monitoring systems (SIEM) and purchased equipment and technologies from many different companies, leading to decentralized SOC operation and management. and asynchronous. Continuously updating new attack methods and technologies is also a challenge for non-specialized security units. Secondly, in terms of human resources, banks have begun to focus on full-time personnel, however, encountering difficulties in training and keeping high-quality human resources. Third, the investment budget is too great. It is estimated that the investment costs include SIEM, Forensis, Log / Backup solutions, hardware and monitoring equipment for digital surveys at about US $ 1,300,000. This cost does not include annual operating, troubleshooting and management costs.

Outsourcing SOC services - Effective time, cost savings, optimal resources

According to Mr. Ha The Phuong, Deputy General Director of CMC InfoSec - the construction and development unit of CMC NextGen SOC, when analyzing the development level of SOC, experts will be divided into 6 levels. Specifically: Level 1 - with IT department personnel or software to monitor the security status; Level 2 - partially integrated in Network Operations Center (NOC); Level 3 - there was SOC, technology and reporting operations were separated from the IT department; Level 4 - solve problems on resources (development, analysis, troubleshooting); Level 5 - take control of identified threats; Level 6 - combination of prevention, surveillance, detection, quick response and continuous improvement.

In Vietnam, reaching level 5 existing CMC NextGen SOC. In addition to controlling the identified threats, this center of CMC also integrates artificial intelligence (AI), the first Automation technology in Vietnam and has partners to assist in combating threats. new danger; DevOps team and consultants meet the special needs from organizations and banks.

Therefore, the most reasonable plan for banks at this time is to outsource the SOC service package (SOC-As-a-Service) or if they already have SIEM system, they should cooperate with a service provider. Other SOC (Consultancy) cases - provide advice on management manpower and process instead of developing an internal SOC (In-house SOC). In the case of (Hybrid), when the bank has invested in a technology system, SOC service providers can integrate their own solutions into ensuring compatible operation, offering handling procedures. incidents and providing resources ... However, the best is still the choice to outsource the SOC service package. At that time, the bank would choose the most comprehensive and appropriate service provider, available technology, experts, specialized personnel ... and solve the problem of investment cost when reducing from 6 to 12 times the cost of self-developing the system and minimizing risks when system administration is more centralized.

Based on the reality of consulting and deploying outsourcing SOC services to banks, Mr. Phuong said: “The outsourcing of SOC services is completely consistent with the trend of moving from investment costs to transportation costs. Bankers want to build a sustainable defense system. Not only that, banks will not have difficulty in securing resources when only need a focal point in combination with service provider's reporting, troubleshooting and can still monitor 24/7 ”.