Case Study: Bootstrapping a Cybersecurity Program for IoT Manufacturer

About

As an ASX 100 company, they required consultancy that could guide them towards progressive cybersecurity measures that would meet their needs now and in the future.

With both a local and international presence, they are required to address multiple industry standards for cybersecurity, data privacy and IoT Security.

Their Challenges

As a product manufacturer, their requirements for cybersecurity aren’t the same as those of a big enterprise or financial services company.

They needed a cybersecurity roadmap that matches their start-up culture and drives world-class innovation for their product software, engineering and device manufacturing.

They required a consultancy partner who would understand how their business operates and who could offer practical security solutions (and not just a checklist).

With a complex supply chain both locally and internationally, they required consultancy that would go beyond just generic advice from industry standards.

The client recognised the need for a sustainable cybersecurity model across their business lines.

Focussing on just compliance with generic industry security standards wasn’t going to match their needs as a business.

Our Solution

Our services built a phased cybersecurity roadmap that started by focusing on business needs rather than just a compliance program.

We engage within a monthly retainer model providing flexibility to the client to ramp up or ramp down the engagement as required.

Our services included

• Stakeholder Use Stories: Understanding what cybersecurity means to stakeholders, including customers, partners, board members, shareholders and insurers.

• Cybersecurity Operating Model - Outlining the team structure and capabilities needed for sustainable cybersecurity.

• Cybersecurity Governance - Ensuring the cybersecurity program remains defined and measured.

• Secure SDLC and IoT Security - Defining the guidelines, processes and templates for adopting security software development practices and IoT security benchmarks.

• Industry best practices - Keeping the roadmap and initiatives anchored against industry best practices such as ISO 27001 and ACSC Essential Eight.

• Technology guidance - We offered independent technology advice for selecting vendor products based on business needs.

Conclusion

We helped grow and mature their cybersecurity capability so that it was both well-governed and structured for success. With the increasing focus both locally in Australia and internationally towards IoT security, we continue to work with them towards addressing their ongoing requirements.