DotSec - dot com security
DotSec is a professional information-security organisation that delivers solutions which, first and foremost, address our customers' business requirements. All DotSec professionals are experienced in the design, implementation and assessment of secure information-systems, and in the provision of policies, procedures and training to keep those systems secure. In particular, DotSec professionals have a strong track-record in the areas of:
DotSec is pleased to announce the implementation of an Identity Management (IdM) service allowing secure access to electronic clinical resources provided through the Qld Dept of Health's Clinician's Knowledge Network.
Legitimate users are now better able to access a range of journals and other licensed databases with minimum overhead, and Queensland Health is better able to meet its journal and database licensing obligations. The site includes a SAML-based authentication service, providing Web-SSO for a number of web applications.
DotSec has also provided (and continues to support) message-security services for APRA's D2A online reporting service, and has completed the design and integration of authentication providers for J2EE systems for an Australian federal government department in Canberra.
- Strong, multi-factor authentication systems, including OTP (One-Time Password), token and smart-card based systems. DotSec specialises in the design and deployment of Single Sign-On (SSO) services.
DotSec has recently deployed a secure, two-factor authentication service for a financial-investment company, allowing remote workers to access VPN and web-mail and calendars, without compromising domain passwords.
- Enterprise Identity and Access Management services and integration, including requirements analysis, and integration with strong authentication and directory services.
- The development and review of information-management security policies, and of standard operating procedures and security plans which are based on those policies.
- Threat and Risk Assessment (TRA), security-services design reviews, and Penetration Testing (Pen Tests). DotSec brings unique TRA skills, since DotSec professionals have experience in the design and implementation of secure applications and services, not just in assessment and review. A recent TRA project allowed DotSec to demonstrate how an attacker could collect the usernames and passwords of all the users of a leading case-management application, by exploiting vulnerabilities in the application itself.
- The provision of training courses to a wide variety of audiences. Our courses range from half-day information-security primers, to three-day secure-application development courses, and have been delivered in-house, as well as by third-party training organisations.