Full Spectrum Cyber Security Solution for a leading For Purpose Organisation in Allied Health
Ionize is proud to support one of Australia’s leading, high-profile For Purpose organisations in Allied Health. The client fulfils a vital community service on behalf of the Federal as well as State Governments. In this role it is required to handle sensitive and regulated information, including PII and payment information, which is subject to PCI compliance requirements.
IT services are provided through a hybrid combination of in-house capability, third-party outsourced services, and cloud-based application delivery, including integration with Federal and State based government services.
In this context the potential attack surface was large, complex, and only partly under the control of the client’s IT team. While responsible for security, they have no dedicated security team nor the financial justification for creating one.
Back in 2020-21, the Board recognised the growing potential of cybercrime and the impact a successful attack could have on the reputation of the business, as well as the disruption to operations, which could potentially put in jeopardy the viability of the business should the government lose confidence in its ability to act as a custodian of citizens’ data.
Challenge
In 2018/19 the Board endorsed a full, independent cyber maturity assessment, which, when completed, revealed numerous shortcomings across key aspects of the business. These varied in severity across domains such as IT, information handling and the broader governance of the business.
At the direction of the Board and with strong support from the CEO, the organisation sought out a cyber security partner capable of identifying key priorities and carefully working through risks to ultimately develop a solution that was compliant as well as sustainable in terms of the financial and resource impact to the business. Ionize was chosen as that partner.
Solution
Governance
Governance, risk and compliance advisory services to assist the Board and senior executives in mapping the organisation’s security posture to identify priorities and actions.
Policy and procedure maturity improvement with a specific focus on information handling and business continuity risk and recovery readiness.
ISO27001:2 uplift and support to ISO certification.
Offensive Services
An annual program of Penetration Testing across over 30 applications, including those of key partners where appropriate and agreed.
Defensive Services
Yearly Microsoft Office 365 security assessment and review, ensuring all entities are compliant with best practice, noting that all endpoints are monitored by our SOC.
Monitoring & Reporting
24/7 HAWC Managed SOC, including Tier 1 and Tier 2 response services.
Alerts, reporting, and advisory services related to adverse findings based on our SOC monitoring observations.
Value-add activities such as honeypot projects, intelligence briefings and ongoing attack simulation exercises.
Awareness, Training and Enablement
The creation and delivery of generic as well as bespoke cyber security training materials relating to both general practices and client-specific policy-related content.
Annual “breach simulation” desktop exercise encompassing the Board, executives, and key staff to ensure the client’s people, systems, and procedures are robust in the face of an actual breach, should one occur.
Annual Board level report on the program status and key observations and recommendations. This includes annual as well as ad hoc in-person cyber briefings from the Ionize CEO.
Outcomes
Since commencing the engagement, Ionize successfully addressed and finalised all significant adverse findings raised with the Board from the initial cyber security assessment, enabling both the Board and staff to move to a more proactive cyber security approach.
The client now benefits from a dedicated group of cyber specialists working on all elements of their security uplift and maintenance program, without the burden of the headcount and infrastructure/tooling costs associated with such a team.
With their improved cyber capability, the Board is now more confident in the knowledge that, with Ionize as their cyber security partner, cyber resilience has gone from an inhibitor to an accelerator of business outcomes.
A reference letter or contact is available upon specific request.