A security report that focuses only on shortcomings and vulnerabilities is of little use; what the client needs is a path to improvement. DotSec has 24 years of experience in building secure systems, so our assessment reports include detailed descriptions of how each vulnerability and shortcoming can be addressed in a practical and reasonable manner.
Security awareness training is the cornerstone of any effective security practice, and it is a key requirement in almost every security compliance framework and cyber insurance policy. DotSec can provide customised training and testing material that is relevant, entertaining, and based on over 24 years of cyber experience.
Security frameworks and standards exist to provide a common point of reference, allowing an organisation to be confident of its own security maturity while also being able to demonstrate that maturity to a client, partner, insurer or other third party. In a recent study conducted by DotSec and Momentum Media, 30 per cent of respondents were confident that they were compliant with an external security framework or standard, such as ISO/IEC 27001:2022 or the CIS Critical Security Controls; the remaining 70 per cent were either unsure, or were certain that they complied with no well-accepted standard or framework. An organisation that does not align with a well-accepted national or international standard or framework will almost certainly lack a holistic set of cyber security policies, procedures and controls. This makes the attacker's job unnecessarily easy, and may also expose the organisation to accusations of failing to meet best practice, especially in the event of a security breach.
All businesses that store, process or transmit payment-card data must comply with the Payment Card Industry Data Security Standard (PCI DSS), a set of stringent requirements maintained by the PCI Security Standards Council (PCI SSC).
DotSec is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company. This means that DotSec is qualified to provide assistance to, and to assess, entities (including online merchants, payment processors and service providers) for compliance with the PCI Data Security Standard (DSS).
We can also assist with the preparation of Self Assessment Questionnaires (SAQs).
DotSec is itself a PCI DSS-compliant service provider, so we know what it takes to get it right. We can assist with all of your PCI DSS compliance and reporting requirements, from gap analysis and remediation work through to Attestations of Compliance (AOCs) and Reports on Compliance (ROCs).
DotSec can assist your organisation to meet your ISO/IEC 27001:2022 objectives by conducting organisational reviews against the control objectives listed in Annex A.
ISO 27001 certification signals to customers, partners and stakeholders that your organisation takes information security seriously. It builds trust and can give your organisation a competitive edge: as more businesses and consumers become conscious of data security, being ISO 27001 certified can become a deciding factor when they choose between you and your competitors.
ISO 27001 is not just a certification; it’s a strategic investment that can lead to improved business processes, increased customer confidence, enhanced reputation, and overall business growth.
Let DotSec deliver experienced, certified ISMS Lead Implementers and Lead Assessors to help your business realise the maximum return on your ISO 27001 investment.
The Essential Eight is a set of eight configuration-focused mitigation strategies developed by the Australian Signals Directorate (ASD), designed primarily to protect Microsoft Windows-based, internet-connected networks.
Organisations that want to protect themselves against common cyber threats should aim to meet a target maturity level that is suitable for their environment and risk profile.
DotSec can conduct an assessment of your computing environment against the requirements of an appropriate ASD Essential Eight maturity level.
We can then help you to create, update and improve the policy, procedure, standards and planning documentation needed to reflect the improvements you make while working towards your target Essential Eight maturity level.
Security compliance frameworks such as PCI DSS, IRAP and ISO 27001 all require organisations to run a general security awareness program for all personnel. However, each framework has a different emphasis, and this is reflected in the awareness-training material.
Choose the training material that suits your needs. For example, insurance underwriters generally require broad security awareness training aligned with standards and guidelines such as ISO 27002 or the CIS Controls v8.
PCI DSS training material, while similar, focuses on the secure collection, processing and management of payment-card data, whereas IRAP training material focuses on information classification, media handling and incident reporting requirements.
The CIS Critical Security Controls (not to be confused with the ACSC Essential Eight) are a set of internationally recognised, best-practice security recommendations developed by a community of information security experts. In contrast to the Essential Eight, the CIS Controls apply across the entire organisation, and not just to the configuration of Microsoft and on-premises technology.
The CIS Controls v8 are organised into 18 controls, or security domains, each broken down into individual safeguards. Every safeguard is allocated to one of three Implementation Groups (IG1, IG2 or IG3), which prioritises the work and allows an organisation to improve its security maturity over time.
DotSec can provide you with specific, actionable recommendations that are practical to implement and that will help your organisation align with the CIS Controls.