Home

Securing financial services

DotSec designed, deployed and continues to maintain a secure computing environment at the head-office of a merchant bank that specialises in property management, funds management, investment and corporate finance.

In order to ensure success in this ongoing project, DotSec must not only have a complete understanding of information security, but must also understand the customer's current and future business practices, and must provide consistent and personal education, advide and support for all the customer's staff.

As with most information-security projects, success relies at least as much upon processes as it does upon technology.

Some of the highlights of this project included:

Thorough specification of a green-fields secure computing environment. The final specification needed to define a complex computing environment in such a way that it could be understood and agreed to by non-technical customers, and yet implemented precisely by DotSec's technical experts.
Support for a range of challenging business practices, including secure remote access for mobile staff using laptops, PDAs and insecure home computers, and the need to support secure information exchange with less security-focussed associates
The design and ongoing support of a highly redundant and fault-tolerant computing environment based on virtualisation for both desktops and servers, together with low-cost and secure thin-client desktop terminals.
The near-total integration of Single Sign-On for the entire organisation. While true Kerberos-based SSO is not possible due to the limitations of some mandatory software, near SSO has still been achieved, providing great convenience for all users, and a greater level of security for the organisation.
Constant 24x7x365 automated monitoring and alerting services for all aspects of the computing environment. DotSec's managed services ensure immediate, appropriate notification of any significant event. Whether it be an unexpected file-change on the proxy server, unusual CPU-usage on a virtual server, or a network-attack on the firewall, appropriate responses are ensured.

Dotsec professionals continue to work with our customer, to provide assessment, policy, training, implementation, maintenance and monitoring solutions that satisfy their complex business requirements.

News byte!

SSL subverted! Not! There has been much discussion in the popular press about the "recent compromise of SSL". Wow! The story, as it is told by most "news" sites, is just an alarmist and information-free beat up, made by people who should know better! Most versions mix up 4 different risks, 2 protocols and a good dash of FUD, and bake us up another Henny Penny headline that only serves to confuse people further!

Accreditation!

Signatory (GITC# Q-2554) to the Qld State Government's GITC information technology supplier agreement.

Included in the the Attorney-General's Department Critical Network Vulnerability Assessment (CNVA) program.