DotSec - dot com security
DotSec is a professional information-security organisation that delivers solutions which, first and foremost, address our customer's business requirements. All DotSec professionals are experienced in the design, implementation and assessment of secure information-systems, and in the provision of policies, procedures and training to keep those systems secure.In particular, DotSec professionals have a strong track-record in the areas of:
-
DotSec is pleased to announce the implementation of an Identity Management (IdM) service allowing secure access to electronic clinical resources provided through the Qld Dept of Health's Clinician's Knowledge Network.
Legitimate users are now better able to access a range of journals and other licensed databases with minimum overhead, and Queensland Health is better able to meet its journal and database licensing obligations. The site includes a SAML-based authentication service, providing Web-SSO for a number of web applications.
-
DotSec has also provided (and continues to support) message-security services for APRA's D2A online reporting service, and has completed the design and integration of authentication providers for J2EE systems for an Australian federal government department in Canberra.
- Strong, multi-factor authentication systems, including OTP
(One-Time Password), token and smart-card based systems. DotSec
specializes in the design and deployment of Single Sign-On (SSO)
services.
DotSec has recently deployed a secure, two-factor authentication service for a financial-investment company, allowing remote workers to access VPN and web-mail and calendars, without compromising domain passwords. - Enterprise Identity and Access Management services and integration, including requirements analysis, and integration with strong authentication and directory services.
- The development and review of information-management security policies, and of standard operating procedures and security plans which are based on those policies.
- Threat and Risk Assessment (TRA), security-services design reviews, and Penetration Testing (Pen Tests). DotSec brings unique TRA skills, since DotSec professionals have experience in the design and implementation of secure applications and services, not just in assessment and review. A recent TRA project allowed DotSec to demonstrate how an attacker could collect the usernames and passwords of all the users of a leading case-management application, by exploiting vulnerabilities in the application itself.
- The provision of training courses to a wide variety of audiences. Our courses range from half-day information-security primers, to three-day secure-application development courses, and have been delivered in-house, as well as by third-party training organisations.
