Identify. Evaluate. Remedy.

An enterprise-wide perspective on cyber security

How resilient is your enterprise? Would you pass the Dionach test?

Protect your organisation’s information assets and manage your cyber risk

Protecting information assets and managing cyber risk is our mission, and one that we are pursuing successfully for hundreds of organisations like yours across the globe at this very moment.

As your strategic partner, we offer an unparalleled breadth of advanced services to match every stage of your information security journey. Our global team of experienced specialists combine the highest calibre of expertise, technology and client care – delivering practical and proven solutions to strengthen your cybercrime defences across every surface.

Our Services

Assurance

Information security assurance through penetration testing and social engineering.

Compliance

Dionach helps organisations meet compliance requirements for standards such as PCI DSS, ISO 27001 and Cyber Essentials.

Response

We help many organisations understand and limit breaches, and mitigate the risk of potential future breaches.

Our insight-led approach keeps you one step ahead

In today’s fast-evolving technological environment, cyber attacks are increasing both in volume and in sophistication. We are a leader in insight-led cyber security, drawing upon our renowned research and development team to keep our clients one step ahead of emerging threats and create new techniques to combat them.

Featured article

PCI DSS: 5 common mistakes to avoid

The message is clear: if you take card payments, PCI DSS applies to you. So why do some merchants remain non-compliant and risk hefty fines, reputational damage and potentially losing their ability to accept card payments? The following article highlights five common mistakes that we at Dionach regularly see in the course of our work as a PCI Qualified Security Assessor (QSA).

Featured presentation

Red Team engagements and the forgotten risk of mobile devices

Speaker: Luca Pellegrino, Penetration Tester – DefCamp Bucharest 2019

During a red team engagement, going after low hanging fruit is the obvious choice – vulnerable web applications, external password spraying and spear phishing are amongst the most popular attacks.

However, when everything seems to fail, targeting mobile devices and mobile applications could be a surprisingly effective attack vector, due to poor policies around mobiles and the rise of Cloud Mobile Device Management (MDM) solutions.

In this talk, Luca Pellegrino highlights the importance of mobile devices and demonstrates how this vector can be used in a real-world attack.

Articles & Insights

Why an Internal Penetration Test Delivers Results

The difference between Penetration Testing and Red Teaming engagements

Dionach join the CAA Assure Scheme

PCI DSS 4: eCommerce Changes for SAQ A Explained

Purple Team Assessments: How to evaluate if you need one

ISO 27002:2022 Update – New Annex Controls Explained (Part 2 of 2)

ISO 27002:2022 Update – New Annex Controls Explained (Part 1 of 2)

PCI DSS v4.0 – Everything You Need To Know

ISO 27002 Update 2022 – Summary of Changes

The Week In Review 19/04-23/04

The Week In Review 12/04-16/04

An introduction to Dionach’s Ransomware Readiness Review

The Week In Review 05/04-09/04

The Week In Review 22/03-26/03

Week In Review 08/03-12/03

The Week In Review 01/03-05/03

The Week In Review 22/02-26/02

The Week In Review 08/02-12/02

The Week In Review 01/02-05/02

NHS DCfH Framework

Week In Review 25/01-29/01

The Week In Review 18/01-22/01

The Week In Review 11/01-15/01

The Week In Review 4/01-8/01

The Week In Review 14/12-18/12

The Week In Review 07/12-11/12

The Week In Review 30/11-04/12

COVID-19 Cyber Security Challenges

Why a red team exercise delivers results

Security testing – how to choose the right provider

The top cyber security breaches in 2019 (so far!)

Cyber security – are you seeing red?

Dionach launches in UAE by simulating a cyber attack in Dubai

PCI DSS compliance: 5 common mistakes to avoid

So, you want to get Cyber Essentials certified?

Latest from our Technical Blog

Changes in the ISO 27001:2022 Revision

Overview: The new version of the ISO 27001:2022 standard was released in October 2022, following the release of the revised ISO 27002:2022 guidance in February 2022. Organisations have 3 years to transition from ISO 27001:2013 to...

Changes to Self-Assessment Questionnaires for PCI DSS 4

PCI DSS v4.0 introduced some changes to each of the self-assessment questionnaires (SAQs). There is no change to the list of self-assessment questionnaires, and they have broadly the same eligibility criteria. Below is a summary table showing the SAQs and the number...

How to Conduct a Risk Assessment

Risk management is at the heart of information security and should be at the forefront of an organisation’s information security program. The term risk management covers all the activities associated with identifying, quantifying, and addressing the risks...

Over 200 public and private sector clients worldwide

Over 1000 penetration tests conducted every year

Over 50 highly qualified, experienced consultants