Specialised training

SPECIALISED TRAINING

Specialised PCI DSS, ISO 27001 and IRAP training

Secure cloud

SECURE CLOUD SERVICES

DotSec provides secure cloud services for national and government customers

Cloud assessments

CLOUD SECURITY REVIEWS

Security assessments of cloud computing environments in AWS and Azure

Security awareness

SECURITY AWARENESS TRAINING

Hosted, on-line (SCORM 1.2-compliant) training courses for general security awareness

Liability

LIABILITY AND RISK MITIGATION

Help address cyber-security insurance coverage and director’s liability requirements

Save time and money with security frameworks and standards!

Entertaining, needs-based training

Many insurance underwriters require general security-awareness training that addresses recognised control guidelines such as ISO/IEC 27002 or the CIS Controls V8. PCI DSS training material, while similar, focuses on payment-card data, and IRAP training material focuses on information classification, media handling and incident reporting.

Opportunities, not problems

A security report that only lists shortcomings and vulnerabilities is of little use: what the client needs is a path to improvement. DotSec has 24 years of experience in building secure systems, so our assessment reports include detailed descriptions of how each vulnerability and shortcoming can be addressed in a practical and reasonable manner.

Controls and security awareness

Security-awareness training is the cornerstone of any effective security practice, and it is a key requirement in almost every security compliance framework and cyber-insurance policy. DotSec can provide customised training and testing material that is relevant, entertaining, and based on over 24 years of cyber-security experience.

Security frameworks and standards exist to provide a common point of reference, allowing an organisation to be confident of its own security maturity while also being able to demonstrate that maturity to a client, partner, insurer or other third party. In a recent study conducted by DotSec and Momentum Media, 30 per cent of respondents were confident that they were compliant with an external security framework or standard, such as ISO/IEC 27001:2022 or the CIS Controls; the remaining 70 per cent were either unsure, or were certain that they complied with no well-accepted standard or framework. An organisation that does not align with a well-accepted national or international standard or framework is unlikely to have a holistic set of cyber-security policies, procedures and controls in place. This makes the attacker's job unnecessarily easy, and it may also expose the organisation to accusations of failing to meet accepted practice, especially after a security breach.

PCI DSS assessments

Every business that stores, processes or transmits payment-card (cardholder) data must comply with the Payment Card Industry Data Security Standard (PCI DSS v4.x; the earlier v3.2.1 was retired on 31 March 2024), a set of mandatory requirements maintained by the PCI Security Standards Council (PCI SSC).

DotSec is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company. This means that DotSec is qualified to assess entities (including online merchants, payment processors and service providers) for compliance with the PCI Data Security Standard (DSS).

We can also assist with the preparation of Self-Assessment Questionnaires (SAQs) for merchants and service providers that are eligible to self-assess.

DotSec has built systems that are compliant with the PCI DSS, and we can assist with all of your PCI DSS compliance and reporting requirements, from gap analysis and remediation work through to Attestations of Compliance (AOCs) and Reports on Compliance (ROCs).

ISO/IEC 27001:2022

Penetration tests and security reviews

DotSec can assist your organisation to meet its ISO/IEC 27001:2022 objectives by conducting organisational reviews against the controls listed in Annex A (the 2022 edition groups 93 controls into four themes: organisational, people, physical and technological).

ISO 27001 certification signals to customers, partners and stakeholders that your organisation takes information security seriously. It builds trust and can give your organisation a competitive edge: as more businesses and consumers become conscious of data security, being ISO 27001 certified could become a deciding factor when choosing between you and your competitors.

ISO 27001 is not just a certification; it’s a strategic investment that can lead to improved business processes, increased customer confidence, enhanced reputation, and overall business growth. 

Let DotSec deliver experienced, certified ISMS Lead Implementers and Lead Assessors to help your business realise the maximum return on your ISO 27001 investment. 

CIS Controls

The CIS Controls (formally the CIS Critical Security Controls) are a set of internationally recognised, best-practice security recommendations developed by a community of information security experts.

Version 8 is organised into 18 Controls, or security domains, each of which is broken down into specific Safeguards. Every Safeguard is allocated to one of three Implementation Groups, which is how the CIS Controls express priority.

Implementation Groups (IGs) are cumulative: IG1 is the baseline of essential cyber hygiene that every organisation should implement, IG2 builds on IG1 for organisations with more resources and more sensitive data, and IG3 adds the remaining Safeguards for organisations that face sophisticated attackers. Progressing from IG1 towards IG3 gives an organisation a way to measure and improve its security maturity over time.

To help your organisation align with the CIS Controls, DotSec can provide you with specific, actionable recommendations that are practical to implement.

ACSC Essential 8

The Essential Eight is a set of eight mitigation strategies published by the Australian Signals Directorate (ASD) and designed to protect (primarily) Microsoft Windows-based, internet-connected networks: application control, patching applications, configuring Microsoft Office macro settings, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups. Each strategy is assessed against the Essential Eight Maturity Model (Maturity Level 0 through Maturity Level 3), and organisations that want to protect themselves against cyber threats should aim for the target maturity level that suits their environment.

DotSec can assess your computing environment against the requirements of the appropriate ASD Essential Eight maturity level.

We can then help you to create, update and improve the policy, procedure, standards and planning documentation that reflects the improvements you have made in reaching your target ASD Essential Eight maturity level.

Security training

Cyber-security training can help to address cyber-security insurance coverage and directors' liability requirements. Liability questions are raised more often now because of the Notifiable Data Breaches (NDB) scheme, the Australian Privacy Principles (APPs) under the Privacy Act 1988, and the growing need for cyber-security insurance.

Don’t let your users sit through hours of boring classes. Our clients participate in a customised, on-line training program that provides regular reinforcement of your information security policies and procedures.

DotSec delivers online (SCORM 1.2 package or hosted) security awareness training that meets best-practice goals and reduces business risk. Without a solid security-awareness program, technology alone will not keep an organisation secure.

Contact us to learn more

Security compliance frameworks like PCI DSS, IRAP and ISO 27001 require organisations to have a general security awareness program for all personnel. However, each compliance framework has a different emphasis and this will be reflected in the awareness-training material.

Choose the training material that suits your needs: insurer-driven general awareness material aligned with recognised control guidelines such as ISO/IEC 27002 or the CIS Controls V8, PCI DSS material centred on the secure collection, processing and management of payment-card data, or IRAP material centred on information classification, media handling and incident reporting requirements.
