Client
Our client, a large Australian broadband provider.
Challenge
As a provider of critical infrastructure, the client must maintain a strong array of security controls and detection capabilities that deliver a high level of resilience to attack. The role of Security for the client is to protect their people and assets from personnel, physical, and cyber security threats, and to build trust and confidence in their ability to deliver a reliable and fast broadband network.
In 2017 the Australian Signals Directorate (ASD) updated Strategies to mitigate Cyber Security Incidents which is a priority list of practical actions entities can take to secure their IT environment. The ASD also released the Essential Eight Maturity Model, to assist entities in assessing the level of implementation of the Essential Eight mitigation strategies.
Of these eight strategies, four are mandatory - application whitelisting, patching applications, patching operating systems, and restricting admin privileges.
The Australian National Audit Office (ANAO) conducts performance audits of government entities every few years to assess their cyber resilience against the Protective Security Policy Framework (PSPF) and the Essential Eight, in particular the four mandatory strategies (Application whitelisting, Patching Applications, Restrict administrative privileges and Patching operating systems).
The maturity levels each of the eight Security Controls are rated against are in the table below.
The minimum maturity level required for a pass mark in an audit is Level 3 - Fully aligned with the intent of the mitigation strategy. Under special circumstances some organisations will require a minimum of Level 4. Since 2013, many non-corporate commonwealth entities have been audited returning high rates of non-compliance. More detailed information for each Security Control’s Maturity Level requirement can be found on the Australian Signals Directorate website.
In 2018 the client created a project focusing on identifying current maturity level (not implemented, partly implemented, mostly implemented, fully implemented) of these Essential Eight mitigation strategies within the company to identify any gaps and to prioritise gap closure activities with the expected result being an increase to the clients Security Control maturity level and a pass audit by the ANAO i.e., Level 3 maturity achievement.
Results
The client performed an internal audit on their own systems to assess where they believe their maturity level to be for each of the mitigation strategies. For each of the 8 Security Controls a maturity level is assigned as of the date of audit, from the maturity levels above (Figure 2). Each Control was assessed, and activities planned to improve this rating to Level 2 then Level 3 (if not already Level 3). A timeline was then created for each Control, with planned dates for each of the remediation activities and expected Maturity Level Increase.
FinXL supported the client by providing Consultants to work as part of their team delivering Risk and Remediation, Security Compliance, Security Network Architecture, and Supplier Security. Specifically, FinXL Consultants:
Reviewed current security practices,
Conducted risk assessments,
Recommended implementation strategies based off the Essential Eight, and
Created roadmaps to improve maturity, rolling out and monitoring security solutions.
Globally, the cyber threat environment has increased, with COVID-19 themed phishing and ransomware more prevalent. Physical attacks against telecommunications infrastructure attributed to COVID-19 conspiracy theories linked to 5G technology have also taken place. The security uplift project was completed in late 2020, successfully achieving Level 3 maturity for all eight of the mitigation strategies.
-
.png "Leading the Way in Gender Pay Equity Within IT Services")
Leading the Way in Gender Pay Equity Within IT Services
27-02-2024
Read Full Article -
Navigating Agile Challenges in Digital Product Delivery
26-09-2023
Read Full Article -
Staff Augmentation in the Gig Economy: Navigating Opportunities and Challenges
07-09-2023
Read Full Article -
FinXL Celebrates Another Win: Recognised in the Australian Business Awards for Business Innovation
04-09-2023
Read Full Article -
Stepping Up the Pace: Finite Group Runs City2Surf 2023 with Record Fundraising
15-08-2023
Read Full Article -
Embracing the New Normal: The Rise of Remote Work
30-07-2023
Read Full Article -
Leveraging Professional Services for Effective Project Delivery
01-07-2023
Read Full Article -
.png "Environmental Responsibility")
Environmental Responsibility
31-05-2023
Read Full Article -
Google vs DuckDuckGo: A Comprehensive Comparison of Privacy and Security Features
15-05-2023
Read Full Article -
Leveraging today’s digital environment for a seamless work experience
28-04-2023
Read Full Article -
.png "Mastering platform-driven business")
Mastering platform-driven business
31-03-2023
Read Full Article -
.png "Top Cyber Security tips for 2023")
Top Cyber Security tips for 2023
28-02-2023
Read Full Article -
Community Outreach 2022
15-02-2023
Read Full Article -
Chatbots at the forefront of the workplace of the future
01-02-2023
Read Full Article -
The growth industries of the next decade
22-11-2022
Read Full Article -
Turbo-charged renewables sector expected to create over 1 million new jobs
28-10-2022
Read Full Article -
These are the digital skills in high demand now and into the future
30-09-2022
Read Full Article -
FinXL wins ABA100 Winner for Business Excellence in the Australian Business Awards 2022
15-09-2022
Read Full Article -
Welcome to the brave new world of the Metaverse
26-08-2022
Read Full Article -
.png "Finite Group City2Surf team raise nearly $5,000 for Guide Dogs NSW/ACT")
Finite Group City2Surf team raise nearly $5,000 for Guide Dogs NSW/ACT
16-08-2022
Read Full Article