We know that identifying and prioritising risk puts us in the driver’s seat, and we know that the deployment of risk-based controls avoids wasted time and money, putting resources and budgets where they are most needed. But designing and deploying controls are only the first two parts of a successful cyber strategy and there is a third facet to be considered: Verification.
Controls must be verified to confirm they’re effective, resilient, and they continue to deliver as your risk identification and prioritisation matures. Without continuous (or at least frequent) verification, controls that worked in the past may later be found to offer little more than a false sense of security.
For over 25 years, dotSec has provided penetration testing services for a wide range of corporate and government organisations, but what makes dotSec’s pen tests unique?
Surprise: dotSec’s pen testers don’t just do pen testing!
Instead, our pen testers can build things like AWS-hosted services and IAM systems, they have system-hardening skills, and they rotate through roles including EDR and SIEM analyst. All of this makes dotSec’s testers uniquely experienced to provide you with prioritised strategies that are practical and reasonable to implement.
Phishing remains the most frequent form of social engineering, but attackers increasingly diversify their methods to bypass technical safeguards and target human vulnerabilities.
Social engineering tests will help verify the effectiveness of your social engineering and security-awareness training controls.
Equally importantly, social engineering exercises will also help you to comply with requirements from recognised frameworks and standards such as ISO/IEC 27001 (A.6.3), PCI DSS (12.6), and the Australian Information Security Manual (ISM) user education controls.
A Capability Maturity Assessment measures how well your security processes and controls are designed, managed, and improved over time, helping you benchmark against standards and build a roadmap for improvement.
Our assessments are generally conducted with reference to selected controls from IT security frameworks and guidelines such as the CIS Critical Security Controls (v8.1), ISO/IEC 27002:2022, and the Australian Privacy Principles (APPs). Depending on customer requirements, the NIST CSF and the ACSC Essential Eight are also useful in some circumstances.
A Cyber Security Tabletop Exercise (TTX) is a highly interactive and engaging activity that is designed to test your organisation’s incident response plan, capabilities and processes.
A TTX provides a safe and controlled environment for the organisation to practise its incident detection, containment and response strategies, and to identify areas of weakness that need to be addressed.
By conducting TTXs, your organisation can test its incident response strategies and practices without the interruption and cost associated with an adversary emulation test.
Practical and experienced Australian ISO 27001 and ISMS consulting services. We will help you to establish, implement and maintain an effective information security management system (ISMS).
DotSec’s penetration tests are conducted by experienced, Australian testers who understand real-world attacks and secure-system development. Clear, actionable recommendations, every time.
dotSec stands out among other PCI DSS companies in Australia: We are not only a PCI QSA company, we are a PCI DSS-compliant service provider so we have first-hand compliance experience.
Web Application Firewalls (WAFs) are critical for protecting web applications and services by inspecting and filtering out malicious requests before they reach your web servers.
Multi-Factor Authentication (MFA) and Single Sign-On (SSO) reduce password risks and simplify access, letting verified and authorised users reach sensitive systems, services and apps.
dotSec provides comprehensive vulnerability management services, analysing findings in the context of your specific environment, priorities and threat landscape.
We don’t just test whether users will click a suspicious link — we also run exercises, simulating phishing attacks that are capable of bypassing multi-factor authentication (MFA) protections.
DotSec’s penetration testing services help you identify and reduce technical security risks across your applications, cloud services and internal networks. Clear, actionable recommendations, every time!
dotSec has provided Australian managed SOC, SIEM and EDR services for 15 years. PCI DSS-compliant and ISO 27001-certified. Advanced log analytics, threat detection and expert investigation services.
We provide prioritised, practical guidance on how to implement secure configurations properly. Choose from automated deployment via Intune for Windows, Ansible for Linux or CloudFormation for AWS.
Secure web hosting is fundamental to protecting online assets and customer data. We have over a decade of AWS experience providing highly secure, scalable, and reliable cloud infrastructure.
DotSec helps organisations to benefit from the ACSC Essential Eight by assessing maturity levels, applying practical security controls, assessing compliance, and improving resilience against attacks.
We have over 25 years of cyber security experience, providing practical risk-based guidance, advisory and CISO services to a wide range of public and private organisations across Australia.