Magento as the coalminer’s canary

Summary: Regular review of web-application logs is not only a requirement for various compliance regimes (such as the PCI-DSS or various IRAP-based programs), it can actually give you good insight into vulnerabilities which arise outside of the web-application itself. In this post we describe how clever analysis of blocked-request logs (in this case to Magento) actually provided us with information about compromised computers elsewhere within our client’s organisation. What the


IRAP compliance for national service provider

We’ve been busy! Have a read of this new case study to see how DotSec guided the development of an IRAP-compliant information security management practice (including policies, procedures and infrastructure) for a multinational service-provider, on a tight schedule and fixed budget, and without interruption to the client’s national business-as-usual activities. We have provided plenty of information about the IRAP program in a previous post so we won’t re-hash it here.


Information Security Registered Assessors

The Information Security Registered Assessors Program (IRAP) provides a framework that allows qualified and certified assessors to provide assessment services, particularly with reference to the Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). The IRAP program is managed by the Australian Signals Directorate (ASD). An increasingly wide range of businesses are being required to become compliant with controls (either all, or more usually, a subset)


We’re keen if you are! Another job ad!

So, we put an ad out in December last year, and we were lucky enough to appoint an excellent candidate. Now, three months later, we need another person! Would you like to learn new things, meet meaningful challenges, and be supported by some seriously smart and very experienced infosec professionals? Then please have a read of our job ad, which we’ve posted on Seek. We wrote the ad based on a couple of people’s time-sheets, so it describes a fairly realistic (albeit quite busy!) week at DotSec: build some stuff; maintain some stuff; break some stuff! If the work looks interesting and you’re keen, please send us an application. If your CV looks good (watch out for the canine weight-management plan at the bottom of the ad!)
