DotSec – Dot com Security

DotSec is a professional information security organisation. Since the late 20th century, we have assisted national and international clients across most industry sectors. We also provide assistance to all tiers of government.

DotSec provides information security services in four main areas:

  1. security testing and assessment,
  2. development and integration of secure systems,
  3. managed security services, and
  4. information-security training.

DotSec maintains a number of certifications. We are a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company; this means we are certified by the PCI Security Standards Council as being qualified to assist organisations to achieve compliance with the PCI Data Security Standard (DSS). DotSec is able to undertake formal IRAP assessments and has a strong history of assisting companies to become compliant with controls from the Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). DotSec infosec professionals are certified AWS Architects and have a strong history in the design, delivery and management of secure-hosting services for national retail brands. And finally, DotSec is a signatory to the Queensland Government’s standing offer arrangement for the provision of ICT Services (ICTSS.13.03), and is an accredited GITC (number Q-2554) and QAssure-registered (number 11818) company.

With over 18 years’ experience, DotSec is one of Australia’s oldest information-security companies. Contact us and let us put our professional experience and skills at your disposal.

Magento as the coalminer’s canary

Summary: Regular review of web-application logs is not only a requirement for various compliance regimes (such as the PCI-DSS or various IRAP-based programs), it can actually give you good insight into vulnerabilities which arise outside of the web-application itself. In this post we describe how clever analysis of blocked-request logs (in this case to Magento)

Read More…

IRAP compliance for national service provider

We’ve been busy! Have a read of this new case study to see how DotSec guided the development of an IRAP-compliant information security management practice (including policies, procedures and infrastructure) for a multinational service-provider, on a tight schedule and fixed budget, and without interruption to the client’s national business-as-usual activities. We have provided plenty of

Read More…

Information Security Registered Assessors

The Information Security Registered Assessors Program (IRAP) provides a framework that allows qualified and certified assessors to provide assessment services, particularly with reference to the Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). The IRAP program is managed by the Australian Signals Directorate (ASD). An increasingly wide range of businesses

Read More…

We’re keen if you are! Another job ad!

So, we put an ad out in December last year, and we were lucky enough to appoint an excellent candidate. Now, three months later, we need another person! Would you like to learn new things, meet meaningful challenges, and be supported by some seriously smart and very experienced infosec professionals? Then please have a

Read More…