Our client is a large Australian broadband provider.
As a provider of critical infrastructure, the client must maintain a strong array of security controls and detection capabilities that deliver a high level of resilience to attack. The role of Security for the client is to protect their people and assets from personnel, physical, and cyber security threats, and to build trust and confidence in their ability to deliver a reliable and fast broadband network.
In 2017 the Australian Signals Directorate (ASD) updated Strategies to Mitigate Cyber Security Incidents, a priority list of practical actions entities can take to secure their IT environment. The ASD also released the Essential Eight Maturity Model to assist entities in assessing the level of implementation of the Essential Eight mitigation strategies.
Of these eight strategies, four are mandatory - application whitelisting, patching applications, patching operating systems, and restricting admin privileges.
The Australian National Audit Office (ANAO) conducts performance audits of government entities every few years to assess their cyber resilience against the Protective Security Policy Framework (PSPF) and the Essential Eight, in particular the four mandatory strategies (Application whitelisting, Patching Applications, Restrict administrative privileges and Patching operating systems).
The maturity levels against which each of the eight Security Controls is rated are shown in the table below.
The minimum maturity level required for a pass mark in an audit is Level 3 - Fully aligned with the intent of the mitigation strategy. Under special circumstances some organisations will require a minimum of Level 4. Since 2013, many non-corporate Commonwealth entities have been audited, returning high rates of non-compliance. More detailed information on each Security Control’s Maturity Level requirement can be found on the Australian Signals Directorate website.
In 2018 the client created a project to identify the current maturity level (not implemented, partly implemented, mostly implemented, fully implemented) of these Essential Eight mitigation strategies within the company, to identify any gaps, and to prioritise gap closure activities. The expected result was an increase in the client's Security Control maturity level and a pass in an ANAO audit, i.e., Level 3 maturity achievement.
The client performed an internal audit on their own systems to assess where they believe their maturity level to be for each of the mitigation strategies. For each of the 8 Security Controls a maturity level is assigned as of the date of audit, from the maturity levels above (Figure 2). Each Control was assessed, and activities planned to improve this rating to Level 2 then Level 3 (if not already Level 3). A timeline was then created for each Control, with planned dates for each of the remediation activities and expected Maturity Level Increase.
FinXL supported the client by providing Consultants to work as part of their team delivering Risk and Remediation, Security Compliance, Security Network Architecture, and Supplier Security. Specifically, FinXL Consultants:
Reviewed current security practices,
Conducted risk assessments,
Recommended implementation strategies based on the Essential Eight, and
Created roadmaps to improve maturity, rolling out and monitoring security solutions.
Globally, the cyber threat environment has intensified, with COVID-19 themed phishing and ransomware more prevalent. Physical attacks against telecommunications infrastructure, attributed to COVID-19 conspiracy theories linked to 5G technology, have also taken place. The security uplift project was completed in late 2020, successfully achieving Level 3 maturity for all eight of the mitigation strategies.