No organisation has infinite budget or staff and what’s risky for one business (say, a law firm) is different to what is risky for another (say, a hospital). Risk-based controls are tailored to your specific environment. Your threats, your vulnerabilities, and your business impact: your risk!
Don’t just take our word for it: insurers and standards like ISO 27001 and the PCI DSS all demand that businesses assess and treat risks, which implies the application of effective, risk-based controls.
No silver bullets. No solutions looking for a problem. Just the effective reduction of business risk through the application of requirements-driven controls.
Our Managed Detection and Response (MDR) and Managed Security Information and Event Management (MSIEM) service combines near-real-time endpoint threat detection with long-term event analysis and trend reporting, helping our clients to remain secure and meet their various insurance and compliance requirements. And we test and improve our services based on the results of our own and our customers’ adversary emulation testing services.
The implementation of risk-based cryptographic controls will also help to ensure compliance with regulatory standards including ISO/IEC 27001 (defined cryptographic controls and formal processes for the secure lifecycle management of encryption keys), the Payment Card Industry Data Security Standard (protection of stored account data through strong encryption) and the Australian Government’s Information Security Manual (ISM).
We assist in creating secure Standard Operating Environments (SOEs) based on CIS Build Kits or Microsoft Intune, ensuring that baseline configurations are repeatable, supportable, and aligned with risk management and compliance objectives. Pre-hardening assessment encompasses governance, networking, storage, and identity configurations, providing a risk-based view of security gaps and aligning findings with obligations under relevant standards and guidelines.
Everyone makes mistakes and even mature development teams can slip up and accidentally introduce the kinds of vulnerabilities that feature in the OWASP Top 10. DotSec provides a fully managed Web Application Firewall (WAF) service that provides a critical first line of defence for your web apps and services, while also helping to meet key requirements under frameworks such as PCI DSS and the Australian Government Information Security Manual (ISM).
Practical and experienced Australian ISO 27001 and ISMS consulting services. We will help you to establish, implement and maintain an effective information security management system (ISMS).
DotSec’s penetration tests are conducted by experienced, Australian testers who understand real-world attacks and secure-system development. Clear, actionable recommendations, every time.
dotSec stands out among other PCI DSS companies in Australia: We are not only a PCI QSA company, we are a PCI DSS-compliant service provider so we have first-hand compliance experience.
Web Application Firewalls (WAFs) are critical for protecting web applications and services, inspecting and filtering out malicious requests before they reach your web servers.
Multi-Factor Authentication (MFA) and Single Sign-On (SSO) reduce password risks and simplify access, letting verified and authorised users reach sensitive systems, services and apps.
dotSec provides comprehensive vulnerability management services. And we analyse findings in the context of your specific environment, priorities and threat landscape.
We don’t just test whether users will click a suspicious link — we also run exercises, simulating phishing attacks that are capable of bypassing multi-factor authentication (MFA) protections.
DotSec’s penetration testing services help you identify and reduce technical security risks across your applications, cloud services and internal networks. Clear, actionable recommendations, every time!
dotSec has provided Australian managed SOC, SIEM and EDR services for 15 years. PCI DSS-compliant and ISO 27001-certified. Advanced log analytics, threat detection and expert investigation services.
We provide prioritised, practical guidance on how to implement secure configurations properly. Choose from automated deployment via Intune for Windows, Ansible for Linux or CloudFormation for AWS.
Secure web hosting is fundamental to protecting online assets and customer data. We have over a decade of AWS experience providing highly secure, scalable, and reliable cloud infrastructure.
DotSec helps organisations to benefit from the ACSC Essential Eight by assessing maturity levels, applying practical security controls, assessing compliance, and improving resilience against attacks.
We have over 25 years of cyber security experience, providing practical risk-based guidance, advisory and CISO services to a wide range of public and private organisations across Australia.