Case Study: Security and Risk Advisory Services

Business Aspect has provided senior level security and risk advisory services to this newly established Agency over a period of time. Services included risk and strategic planning advice, as well as technical security advice. Business Aspect assisted the Agency in maturing its information security management system to align with the requirements of the Federal Government Protective Security Policy Framework (PSPF) and Information Manual (ISM).

This work included establishing a full portfolio of security policies and management plans in accordance with mandated standards, as well as the development of a range of artefacts-such as system security plans. Work included an Agency-wide Security Risk Management Plan (SRMP) compliant with ISO 27005 and ISO 31000.

The artefacts developed included an Information Security Management System, SRMP, Security Policy and National eAuthentication Framework (NEAF) authentication assessment.