Overview
Ensuring security amidst budget constraints
Local councils are under pressure as they try to meet growing commitments while dealing with constrained budgets. The last thing they need is a security breach to upend both activities. But with growing cyber-threats, that’s exactly what could happen.
Like many regional councils, Port Macquarie-Hastings Council (‘Council’) in mid-north-coast New South Wales is responsible for securing critical infrastructure as well as residents’ private data. It must protect these assets with limited finances and skills.
Instead of deploying a technology fix to merely tick a compliance box, Council had the foresight to dig deeper and discover the core problems. As the largest Australian-owned technology services business, Telstra Purple was aptly placed to offer a Security Health Assessment to give a high-level view of the Council’s current security posture.
Challenge
Cyber health assessment reveals critical gaps
The Security Health Assessment highlighted that although Council had invested in security tools, there were significant gaps in security controls and the maturity of the underlying processes. Controls provide guidelines for using security tools and processes, and without them, even advanced security measures aren’t as effective as they should be.
The findings of the Security Health Assessment were compelling. They convinced the Council’s CEO and management to engage Telstra Purple for an in-depth analysis of the security environment.
Approach
Enterprise risk and controls assessment
Telstra Purple performed a comprehensive Enterprise Risk and Controls Assessment aligned with international standards of practice.
The first step was to discover the Council’s electronic and physical assets. This phase assessed infrastructure, systems, applications, the information held, as well as the role of the Council’s service providers in protecting these assets. Following this, a business impact assessment was undertaken. Here, a value was ascribed to information, systems, and services to understand the fallout if they were disrupted or compromised.
The next step was a threat assessment. This asked what deliberate or accidental events could impact information, systems, or services. How could cyber-criminals hack into systems? What could fail? And how would a breach or outage reverberate across interlinked systems?
With threats identified, Telstra Purple could weigh the possible risks. These possible risks were mapped to 573 selected controls, and the effectiveness of those controls was measured. The controls’ effectiveness score could then be used to assess the actual risk ratings. These would determine the measures needed to uplift the security environment.
The success of the engagement relied a great deal on the openness of the Council. To their credit, Council staff members were motivated, forthcoming, and honest.
Impact
Strengthening security: a roadmap for future success
The findings of the Enterprise Risk and Controls Assessment are still being distilled. Nevertheless, when immediate threats were flagged, Council acted quickly to rectify matters.
More than just a one-off exercise, the assessment provides a blueprint for ongoing security by addressing underlying problems, not just the symptoms. With the blueprint, Council can help ensure that security is integral to people, processes, assets, and technologies. And that systems and services are secure by design, secure by default, and secure in operation.
As a further advantage, Council now knows where to invest in security, and where to prioritise investment to mitigate the most serious risks. It can take intelligent action backed by data. And take action it will. The engagement showed that Port Macquarie-Hastings Council is not afraid to tackle the hard issues head-on, whether for security or any other aspect of operations.
Related solutions and capabilities
Cyber essentials
Assess, monitor and respond to cyber threats with Telstra Cyber Essentials, our comprehensive cyber security solution for Australian businesses and government agencies.
Local government capabitilies
Deliver more innovative, convenient and secure digital services for your community with Telstra.
SecureEdge cyber security
Explore Telstra's SecureEdge solutions that enables secure internet access while protecting users and applications against malware, ransomware and zero-day threats.
