Cybersecurity

When it comes to cybersecurity, the common question for all clients is – What risk level are you willing to accept to protect your most valuable asset – Information?

Fundamentally, our society is more technology-reliant than ever, making cybersecurity one of the most relevant and necessary discussion topics of our time.  In the modern world, cybersecurity is no longer an IT discussion; it is a discussion in risk management.  As a trusted advisor, Integrated Solutions supports our clients in assessing their current security position, evaluating the greatest area of risk and facilitating remediation steps to offset risk.

Cybersecurity is a broad and complex subject matter.  In order to bridge the communication gap to improve understanding and reduce complexity, there must be a common language – that language exists in the form of a security framework.

While there are many security frameworks available and no single mitigation strategy is guaranteed, the cybersecurity framework (common language) that Integrated Solutions has chosen is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and also incorporates the Australian language in the form of The Essential Eight.  NIST’s approach has been chosen for its comprehensiveness in covering a wide range of business governance.

  • What: The NIST Cybersecurity Framework includes 5 core functions – Identify, Protect, Detect, Respond, Recover.  Each function is underpinned by a wide-ranging set of categories and controls, which are safeguards or countermeasures to avoid, detect, counteract and/or minimise risks.

  • How: As part of the initial discovery activity, Integrated Solutions will undertake a risk assessment exercise to review and map IT assets and policies including systems, applications, processes and procedures.  The outcome of this activity is to empower decision-makers with information about the business – strengths and areas of improvement.

  • Why: Every organisation is unique in the way it leverages technology.  Therefore, its definition of and approach to risk management are also unique.  Using a standard framework as a guide is necessary because it’s objective, measurable, comprehensive and consistent – scalable across industry and size.

The Framework

The threat medium is constantly changing, and the level of sophistication is increasing; therefore, the risk assessment exercise must be an ongoing investment.  As businesses begin to assess and implement the framework, their own level of sophistication may change.  The frequency of the exercise and/or investment is unique to each business, subject to its risk profile and tolerances.

The Engagement

Professional Services

1. Engage 

Initial consultation to define and understand the risk profile unique to each business

2. Enable

Undertake the risk assessment exercise, measure the area(s) of risk, evaluate potential remediation options

3. Execute 

a. Accept the solution: create an action plan for remediation
b. Accept the risks: sign off

4. Enhance 

Create a roadmap for continuous improvement