Information Security Registered Assessors

The Information Security Registered Assessors Program (IRAP) provides a framework that allows qualified and certified assessors to provide assessment services, particularly with reference to the Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). The IRAP program is managed by the Australian Signals Directorate (ASD). An increasingly wide range of businesses are being required to become compliant with controls (either all, or more usually, a subset)

Read More…

We’re keen if you are! Another job ad!

So, we put an ad out in December last year, and we were lucky enough to appoint an excellent candidate. Now, three months later, we need another person! Would you like to learn new things, meet meaningful challenges, and be supported by some seriously smart and very experienced infosec professionals? Then please have a read of our job ad, which we’ve posted on Seek. We wrote the ad based

Read More…

What’s new in PCI DSS V3.2

Introduction – A new version of the PCI DSS

With the April release of Payment Card Industry Data Security Standard (PCI DSS) version 3.2, organisations should now be reviewing their PCI compliance obligations. This article explains some of the key DSS changes that PCI DSS-compliant organisations should understand. To ease the pain of the review process, the Standards Security Council (SSC) provides a summary of the changes in their on-line

Read More…

AWS Instance Profiles

This article describes AWS API key management and AWS Instance Profiles, and continues on from our previous discussion regarding AWS REST authentication. As is usual for REST APIs, developers who need to interact with the AWS REST APIs can use the AWS Management Console to create long-term API keys that consist of an Access Key ID and a Secret Access Key; the former is akin to a username and the Secret Access Key is used to derive a signing key. These API keys can be used to make authenticated API calls to the AWS REST endpoints. In theory, in order to do this, one would need to follow the detailed method for computing the signature for the API call. In practice, however, developers will use one of the many

Read More…