How to classify sensitive data within your organisation (part 2/2)
In this second part of our two-part blog we will discuss the requirements to correctly classify your data. Following on from part one once the
22nd February 2023
Prioritise, Keep Pace, Prevail.
RESEARCH
Our research and development programme sets industry standards in cyber security
At Dionach we are proud of our well-established research and development programme. Our team of consultants are focused on continually uncovering new technical vulnerabilities in software and hardware, raising the bar in security assessment services and sharing our knowledge through whitepapers and various industry channels.
Through the responsible disclosure process we have published numerous vulnerabilities in leading software applications that our team has identified.
As part of our commitment to remaining vendor independent and offering the best technical solution to each client engagement, we also develop proprietary security tools for testing methods including vulnerability scanning, spear phishing and security auditing. In practice, our consultants have a wide range of commercial, open-source and custom tools at their disposal to deliver industry-leading outcomes for our client base.
Some of our custom tools are published as open source on Dionach’s GitHub page: https://github.com/Dionach.
TECHNICAL BLOG
How to classify sensitive data within your organisation (part 1/2)
A crucial first step towards ensuring your data is secure is to identify and classify your information assets. Without considering these tasks you will neither
9th February 2023
The New NIS2 Directive: What do I need to know?
The Network and Information Systems (NIS) Regulations, aimed at raising levels of cyber security and resilience of key systems across the EU, came into force
2nd February 2023
Changes in the ISO 27001:2022 Revision
Changes in the ISO 27001: 2022 Revision Overview The new version of the ISO 27001:2022 standard was released in October 2022, following the release of
10th November 2022
Changes to Self-Assessment Questionnaires for PCI DSS 4
PCI DSS v4.0 introduced some changes to each of the self-assessment questionnaires (SAQs). There is no change to the list of self-assessment questionnaires, and they
10th October 2022
How to Conduct a Risk Assessment
Risk management is at the heart of information security and should be at the forefront of an organisation’s information security program. The term risk management
8th September 2022
Simple 2FA Moodle Plugin: From 2FA Bypass to Account Takeover
Author: Flaviu Popescu – Technical Consultant Introduction There are times as a penetration tester that you find something unique. It may not be unique in
20th June 2022
Phoenix Contact AXC F 2152 Denial of Service Vulnerability
Author: Oliver Carrigan – OT Security Consultant Introduction The Phoenix Contact AXC F 2152 is a Linux based industrial controller used within harsh industrial environments
23rd September 2021
Spoofing Microsoft Outlook Contact
Author: Mike Manzotti – Senior Consultant
As part of a red team assessment, I discovered a bug affecting the latest version of Microsoft Outlook for Microsoft 365 (which was version 16.0.13801.20240 32 bit and 64-bit at the time of the discovery).
2nd September 2021
