Information security review to safeguard business operations and customer data
Outline of the project
In 2021, GWI worked with an investment firm that provides full-service agricultural funds management to assess their cybersecurity maturity and build a more robust and secure environment to align with government regulations and investor expectations.
Following this, GWI was re-engaged in 2022 to perform a follow-up review on the client’s cybersecurity maturity and practices and devise an incident response plan.
The Annual Cyber Threat Report (2021-22) published by the Australian Cyber Security Centre (ACSC) found a 13 per cent increase in reported cybercrimes from the previous financial year. Without a greater focus on cyber security through both private industry, and government, organisations are vulnerable.
Performing an information security review
For the information security review, GWI consultants conducted stakeholder discussions to understand the existing state of cybersecurity within the organisation. In addition, existing documentation relating to cybersecurity were reviewed to understand the current landscape. These elements were then measured against the Australian Government’s Essential Eight.
The Essential Eight has been designed to protect Microsoft Windows-based internet-connected networks to help organisations protect themselves against various cyber threats.
For the incident management plan, GWI leveraged industry best practices and developed a fit-for-purpose plan for the client which aligned with their business continuity and disaster recovery plans.
Work for impact
The work done by GWI supports the client in helping to prevent and respond to cyber threats. Providing an updated cybersecurity measure to the client, along with an updated set of recommendations to further increase the scoring in the future, re-establishes the organisational preparedness and seeks to address any outstanding identified vulnerabilities.
The incident management plan helps the client to prepare, detect, assess, respond, analyse and resolve information security incidents when they arise. Having a plan ensures that if an incident does occur, the client’s stakeholders will be able to follow a simple and specific set of steps to respond and minimise potential risks and implications of a cyber incident. The client can continue with the confidence of knowing their customer data and business operations are secure.
Learn more about GWI’s privacy protection and security service offering here: https://www.gwi.com.au/category/privacy-protection-and-security/
If you think your information assets might be at risk of a hack or leak, talk to GWI today. https://www.gwi.com.au/contact/