Cyber Security Services
3na provide a variety of cyber security services tailored to suit the individual needs of each organisation we work with.
Cyber Security Health Checks
3na provide holistic Cyber Security Health Checks using the NIST Cyber Security Framework. Our Cyber Security Health Checks are designed as a faster, high level alternative to detailed cyber security audits, and provide a means to quickly identify problem areas in the cyber security posture of your organisation, system or busines process.
Areas assessed include:
- Cyber security awareness, including risks, assets, and interdependencies
- Existence of policy, procedural and technical security controls
- Ability to detect an incident
- Ability to respond to, and recover from, an incident
Cyber Risk Assessment
3na provide Cyber Risk Assessments in accordance with AS/NZS ISO 31000 – Risk Management. Using our purpose-built tool, we capture, assess and report cyber security risks and can provide a platform for ongoing risk management activities.
On completion of a Cyber Risk Assessment 3na deliver a report containing:
- A risk register identifying and rating cyber risks
- A control register identifying which risk(s) each control mitigates
- Recommendations for addressing risks assessed as unacceptably high
- Optional access to our platform for ongoing risk management
Cyber Security Audit
3na provide independent audits and advisory services to support your organisation working toward compliance with industry recognised cyber security frameworks, including:
- The National Institute of Standards and Technology Cyber Security Framework (NIST CSF)
- The Australian Signals Directorate Essential Eight
- The Australian Government Information Security Manual (ISM)
- ISO/IEC 27001 Information Security Management
We use a purpose-built tool for cyber security assessments, which can be used as a platform for ongoing monitoring, reporting and management of remediation and compliance activities.
On completion of an audit 3na deliver a reporting containing:
- Summary of status against cyber security framework
- Analysis against key areas of chosen framework
- Key areas requiring attention
- High level roadmap for addressing problem areas
Cyber Security Strategy
3na works with organisations to develop tailored and effective cyber security strategies and roadmaps.
When developing a cyber security strategy, we consider factors including:
- Business drivers
- Risk appetite
- Key assets
- Security awareness
- Regulatory and legislative requirements
When developing a cyber security roadmap, we take a holistic and incremental approach with considerations including:
- Roles and responsibilities
- Metrics and KPIs
- Existing skills and capabilities
- Existing business processes and frameworks (e.g. ITIL, ISO 9001)
- Existing tools and technologies
- Supply chain
- Vendor relationships
Examples of Cyber Security work by 3na
3na undertook a cyber security review for a large metropolitan Council to assess their alignment with the South Australian Cyber Security Framework (SACSF).
Working closely with key staff and reviewing documentation, we delivered a report outlining their current cyber security position, key areas for improvement, and a staged roadmap for improving their cyber security posture and compliance with the SACSF.
3na provided security assessment services to support the accreditation and certification of multiple systems.
Tasks included briefing system owners on the requirements of the Defence Security Principles Framework (DSPF) and Information Security Manual (ISM), Stage 1 and Stage 2 assessment processes, vulnerability assessment, and developing mitigation strategies to reduce risk.
3na undertook a cyber security review of a system being developed by a medical company using the National Institute of Standards and Technology Cyber Security Framework (NIST CSF).
We delivered a report summarising their overall cyber security position, status against individual elements of the NIST CSF, and prioritised recommendations to improve the cyber security posture of the system.