Digital Services Provider

About This Project

This growing organisation services high-risk industries and wanted to get ahead of increasing cybersecurity expectations of its stakeholders and customers, by assessing and improving their cyber security risk profile, practices and capabilities.

 

The Situation

Our client is a successful digital services organisation providing customer and digital design and experience solutions and services to their clients in education, health care, aged care, government and other sectors.  They recognised the increasing expectations on cybersecurity resilience and wanted to be ahead of the changing expectations of their customers and stakeholders.  Hence,they commissioned Information Professionals Group to review their cybersecurity capabilities and support an improvement and uplift to match emerging customer expectations.

 

The Approach

We worked with the Chief Executive and Senior Management team to define the appropriate risk tolerance for their organisation (and customers), set a plan to assess their cybersecurity threat and risk landscape against this risk tolerance, identifying current capabilities and recommended additional steps and from this, and built an initial Information Security Management System, compliant with ISO27001/2.

The work included review and inspection of current policies and procedures, interviews and workshops, vulnerability scans of the network and infrastructure, and phishing simulations to engage and assess staff reactions.  A range of recommendations were aimed at uplifting security controls in areas ranging from technical through to procedural and contractual.  Existing security controls were also identified and catalogued, as well as additional areas recommended for improvement.  This was built into an Information Security Management System(ISMS)…effectively their quality manual for cybersecurity.  Management and staff responsibilities were allocated as part of that.

 

The Impact

The work was completed on schedule and on budget.  Staff and management were engaged into the cybersecurity dimension of their work, from the perspective of their own organisation and their clients.  Their developing ISO27000 ISMS supported them in profiling to current and prospective clients on the proactive cybersecurity steps they are taking.  And they were able to report to their stakeholders on the immediate measurable risk reductions.

For more information or for more case studies like this, please contact us.

CONTACT
Client

Digital Services Provider

Industry

Digital Design and Experience provider

Capabilities Delivered
  • Cyber Threat and Risk Assessment
  • Risk Appetite assessment
  • ISO27001/2 assessment
  • Information Security management System (ISMS) development
  • Vulnerability scans
  • Phishing simulations and security training
Client Wins
  • Identifying the improvements to their business to mitigate their most critical cyber related risks
  • Engagement of management and staff into the cybersecurity challenge
  • Development of their initial ISO27001 Information Security Management System (ISMS) and a prioritised ISMS development plan
Category
Growing Companies, RISK & CYBERSECURITY