DotSec – Dot com Security

DotSec is a professional information security organisation. Since the late 20th century, we have assisted clients in the financial, legal, transport, on-line payments, retail, property-management and on-line services sectors; we also provide assistance to all tiers of government. 

DotSec provides information security services in three main areas: Security testing and assessment, development and integration of secure systems, and managed security services.

DotSec maintains a number of certifications. In particular, we are a GITC (number Q-2554) and QAssure (number 11818) accredited company in Queensland, Australia. We are signatory to the Queensland Government’s standing offer arrangement for the provision of ICT Services (ICTSS.13.03). And we are also Payments Card Industry (PCI) Qualified Security Assessor (QSA) company; this means we are certified by the PCI Standards Security Council as being qualified to assist organisations to achieve compliance with the PCI Data Security Standard (DSS). Finally, DotSec has a history of assisting companies to become compliant with controls from Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF), and can also assist with the provision of formal IRAP assessments.

Information Security Registered Assessors
February 24, 2017 - News, Projects - No Comments

The Information Security Registered Assessors Program (IRAP) provides a framework that allows qualified and certified assessors to provide assessment services, particularly with reference to the Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). The IRAP program is managed by the Australian Signals Directorate (ASD). An increasingly wide range of businesses

Read More…

We’re keen if you are! Another job ad!
February 24, 2017 - News - No Comments

So, we put an ad out in December last year, and we were lucky enough to appoint an excellent candidate. Now, three months later, we need another person! Would you would like to learn new things, meet meaningful challenges, and be supported by some seriously smart and very experienced infosec professionals? Then please have a

Read More…

What’s new in PCI DSS V3.2
July 18, 2016 - News, Projects - No Comments

Introduction – A new version of the PCI DSS With the April release of Payment Card Industry Data Security Standard (PCI DSS) version 3.2, organisations should now be reviewing their PCI compliance obligations. This article explains some of the key DSS changes that PCI DSS-compliant organisations should understand. To ease the pain of the review

Read More…

AWS Instance Profiles
July 5, 2016 - HowTo - 2 Comments

This article describes AWS API key management and AWS Instance Profiles, and continues on from our previous discussion regarding AWS REST authentication. As is usual for REST APIs, developers who need to interact with the AWS REST APIs can use the AWS Management Console to create long term API keys that consist of an Access

Read More…