
Critical Infrastructure - SOCI CRIMP
The Problem
- Due to a lack of clarity regarding regulatory requirements, CRG, in collaboration with our legal partners, facilitated legal counsel to the organisation. They were made aware of their critical infrastructure obligations under the Australian Security of Critical Infrastructure legislation.
- CRG conducted a thorough review of the existing security practices, controls, and processes to identify any gaps in compliance with the legislation and alignment with industry best practices.
- Numerous essential elements necessary for fulfilling the legislative requirements and achieving optimal cyber resilience and risk management were found to be either absent or inadequate.
The Outcomes
- CRG built the Critical Infrastructure Risk Management Programme for the organisation to meet the legislative requirements, incorporating enhancements drawn from real-world practical experience.
- An Essential 8 Level 2 uplift was planned and managed to bring the organisation into compliance with its obligations.
- Supporting processes and documentation were also created to meet the requirements, including a Corporate Incident Response Plan, a Cyber Security Incident Response Plan, and Asset Risk Assessments.
- Key risks were identified for the defined Critical Infrastructure assets across both the cyber and physical realms. These were managed and reduced to within the business risk tolerance for all but one risk, and a management plan was defined for the remaining risk.
Benefits
All regulatory requirements were fulfilled, ensuring that no penalties were incurred while significantly enhancing the security of the organisation's critical infrastructure.
The board became more informed and educated about the threats confronting the organisation, which further propelled improvements.