security

Creating an Integrated Security Framework

In a recent Canberra assignment for a large federal government client, INDEX was challenged to integrate recognised “Best Practice” Cyber Security with fundamental ICT engineering builds; to develop an ICT Security synergy between practitioners and engineers.

The client had finished amalgamating several large departments into one IT Bureau of 3,000 staff – describing the process as “ Today we simply absorbed a system as large as CommBank’s – and it is just BAU”.

The next business process re-engineering task was to refresh the Cyber Security policy for this new alliance. Cyber Security focus is strict compliance, but Cyber Engineering followed an international benchmark – COBIT.

The usual solution might be to authorise two “side by side” frameworks; each equally weighted. For this assignment, INDEX recommended championing a completely integrated single framework – combining Cyber Security with Cyber Engineering – producing “ICT Security by design”.

Producing a multi-layered Cyber Security Framework did challenge thinkers who were wedded to one side or the other; the final outcome recognised the corporate need for assurance, belief in and investment with COBIT and adherence to superior risk mitigation directions.

INDEX led debate and authored several key artefacts for that client: Cyber Security Management Framework Project plan, Cyber Security – Concept of Operations, Cyber Security – Information Security Management Framework, Cyber Security Management Framework Work Breakdown Structures for members of the Authoring Team and standard team notes on Threat, Incident Monitoring and Response.

If you’re undertaking any security projects, please call me on the numbers below to see how INDEX can assist.

Leave a Reply

Your email address will not be published. Required fields are marked *