Digital Services Provider

About This Project

This growing organisation services high-risk industries and wanted to get ahead of the increasing cybersecurity expectations of its stakeholders and customers by assessing and improving its cybersecurity risk profile, practices and capabilities.

 

The Situation

Our client is a successful digital services organisation providing customer and digital design and experience solutions and services to their clients in education, health care, aged care, government and other sectors. They recognised the increasing expectations on cybersecurity resilience and wanted to be ahead of the changing expectations of their customers and stakeholders. Hence, they commissioned Information Professionals Group to review their cybersecurity capabilities and support an improvement and uplift to match emerging customer expectations.

 

The Approach

We worked with the Chief Executive and Senior Management team to define the appropriate risk tolerance for their organisation (and customers) and set a plan to assess their cybersecurity threat and risk landscape against this risk tolerance, identifying current capabilities and recommended additional steps. From this, we built an initial Information Security Management System, compliant with ISO27001/2.

The work included review and inspection of current policies and procedures, interviews and workshops, vulnerability scans of the network and infrastructure, and phishing simulations to engage and assess staff reactions. A range of recommendations were aimed at uplifting security controls in areas ranging from technical through to procedural and contractual. Existing security controls were also identified and catalogued, as well as additional areas recommended for improvement. This was built into an Information Security Management System (ISMS), effectively their quality manual for cybersecurity. Management and staff responsibilities were allocated as part of that.

 

The Impact

The work was completed on schedule and on budget. Staff and management were engaged in the cybersecurity dimension of their work, from the perspective of their own organisation and their clients. Their developing ISO27000 ISMS supported them in demonstrating to current and prospective clients the proactive cybersecurity steps they are taking. They were also able to report to their stakeholders on the immediate measurable risk reductions.

For more information or for more case studies like this, please contact us.

Client

Undisclosed

Industry

Digital Design and Experience provider

Capabilities Delivered
  • Cyber Threat and Risk Assessment
  • Risk Appetite assessment
  • ISO27001/2 assessment
  • Information Security Management System (ISMS) development
  • Vulnerability scans
  • Phishing simulations and security training
Client Wins
  • Identifying the improvements to their business to mitigate their most critical cyber related risks
  • Engagement of management and staff in the cybersecurity challenge
  • Development of their initial ISO27001 Information Security Management System (ISMS) and a prioritised ISMS development plan
Category
Growing Companies, RISK & CYBERSECURITY