
Happiness and long life with ISO 27001
“Data is the new oil!” The phrase was famously uttered by British mathematician Clive Humby nearly 20 years ago but it’s often used today, not
DotSec - Do more business, more securely
SharpC2 is an open-source (.NET based) command-and-control framework developed by RastaMouse. The main component of SharpC2 is the TeamServer (and related .NET rich client) which
In the increasingly data-driven e-commerce and finance space, protecting sensitive information has become a vital aspect of running any business, and one area that requires
The good old (Internet banking vulnerability) days! So a long time ago (25 years ago actually!) in a research centre not so far away, I helped
2023 State of Cyber Maturity for Australian Law Firms The 2023 State of Cyber Maturity for Australian Law Firms survey invited legal professionals to share their
It’d be a shame if something happened to it! In the real, physical world, extortion is a real problem and across the world, certain gangs
Oh for heaven’s sake! Can we all agree that the Optus event doesn’t really matter? I mean, it really does matter, of course! But still, it
Some penetration testing stats from the past two years It was the great Gordon Ramsay that said, “I don’t like looking back. I’m always constantly
Honing our blue team skills Cybersecurity is a never-ending game of cat and mouse that is played between attackers (who seek to damage or otherwise
DotSec is a professional cyber security organisation with over 23 years of national and international experience. Since the late 20th century, we have assisted national and international clients across most industry sectors. We also provide assistance to all tiers of government.
DotSec professionals have credentials including PCI Qualified Security Assessor (QSA), ISO 27001 lead implementer, and ISO 27001 lead auditor, and we provide ISO/IEC 27001 implementation and preparedness services. DotSec provides audit and remediation advice for APRA’s CPS 234 and ACCC’s CDR. We have assisted companies to become compliant with controls from the Information Security Manual (ISM) and Protective Security Policy Framework (PSPF).
DotSec is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company. This means we are qualified to assist and assess companies that collect, store or process credit card data.
DotSec provides Managed SIEM and Detection and Response (MSIEM/MDR) services to a range of organisations in the government, retail, legal and engineering/architecture sectors. We are also a PCI DSS-compliant service provider, which makes life much easier for our PCI DSS customers, since we can provide an Attestation of Compliance (AoC) upon request, reducing our customers’ reporting obligations.
When it comes to testing and assessment, DotSec can deliver all the services you require, including vulnerability assessment (and management), penetration testing, red/blue/purple teaming, adversary emulation, and endpoint (EDR/XDR) protection-evasion and testing.
And we frequently provide maturity assessment and (more importantly) improvement services against standards and frameworks including ISO/IEC 27001:2022, the ASD Essential Eight, the CIS Essential Controls and SOC 2.
DotSec cyber security – Do more business, more securely!