Archives: Projects

Why an Internal Penetration Test Delivers Results

The CISO of a large organisation with multiple regional offices approached Dionach requesting an internal penetration test. The organisation used a hybrid IT infrastructure with systems located across two data centres and Azure. The test was conducted from the context of an unauthenticated user with physical access to […]

Penetration Testing vs. Red Teaming Engagements: Key Distinction

Finding the right security service to assess your organisation is a critical aspect of any security program. Each security service has its benefits and fits a specific purpose, and it is therefore important to understand the differences between these services to maximise the results of a security engagement. Two of the most popular security services […]

Dionach Joins the CAA Assure Scheme

Dionach Join the CAA Assure Scheme – Extending Our Services in the Aerospace Sector. 05/09 – 09/09 Oxford, United Kingdom: Dionach are pleased to announce we are now one of a select number of organisations accredited with the Civil Aviation Authority and CREST, to further extend our cyber security services to the Aviation sector. Originally launched […]

PCI DSS 4: eCommerce Changes for SAQ A Explained

The recent PCI DSS v4.0 has some important changes for eCommerce merchants that use a redirect or iframe to reduce scope to Self-Assessment Questionnaire A (SAQ A). Even though the merchant’s website that meets the criteria for SAQ A does not transmit account data, the website does affect where account data is transmitted. We have […]

Microsoft Azure and 365 Security Review Engagement

Ensure you meet your Microsoft Azure and M365 security responsibilities. Cloud computing is of growing interest to companies of different sizes around the globe. Microsoft Azure is one of the most popular solutions for enterprise due to its deeply integrated Azure and 365 cloud services; enterprises can rapidly build and manage complex infrastructure to support key services. […]

Purple Team Assessments: How to evaluate it

Author: Mike Manzotti – Principal Consultant at Dionach. Changes in the threat landscape combined with the needs of the modern enterprise often come with the requirement for IT staff to be able to respond to cyber security incidents 24/7. These changes have forced many organisations to outsource the detection and response to these incidents to […]

Simple 2FA Moodle Plugin: From 2FA Bypass to Account TakeOver

There are times as a penetration tester that you find something unique. It may not be unique in the field of cyber security but unique to the tester themselves. This was one of those times. During testing on a web application, a couple of interesting discoveries were made. One of which was a security vulnerability […]

ISO 27002:2022 Update – Annex Controls Explained (2/2)

This is the second of two parts of our publication, looking at the new section 8 controls of the ISO 27002:2022 update. Please refer to part one for section 5 and section 7 controls. In part two of our post, we will cover:

Configuration Management (8.9)

Configuration management is the process of maintaining computer systems, servers, and […]

ISO 27002:2022 Update – Annex Controls Explained (1/2)

Part 1 of 2. Authors: Shannon-Louise Huxley – GRC Consultant, Steve Rowe – GRC Consultant. The release of the ISO 27002:2022 update brings a restructure of the standard and several new controls. This post aims to provide a breakdown of these new elements and how best practices can be applied to meet the controls’ objectives. This is the […]

PCI DSS v4.0 – Everything You Need To Know

Author: Tony McCutcheon – GRC Consultant. On the 31st of March 2022, the global payment security forum, the PCI Security Standards Council, released PCI DSS v4.0. Following on from PCI DSS v3.2.1, which was released on 1st January 2019, v4.0 addresses emerging threats and technologies more efficiently and provides innovative ways to combat new threats. Below, we will […]
