In 2018, Thinkun, a leading Sydney based digital marketing agency had a mandate from the stakeholders for security assessment of the current IT and cloud infrastructure across the fleet needs to be done to comply with Notifiable Data Breach (NDB) legislation and the growing cyber security threat landscape. Being a digital marketing agency with cyber security as a key focus area, Thinkun decided to engage CyberDots to do a comprehensive security assessment to understand current and target level of security maturity.
The 4 key objectives of the engagement were:
Security Maturity: Baseline the current security posture, the desired state and steps to achieve it.
Security Architecture: The current and future state of IT architecture with a security lens.
Security Framework and Compliance: To achieve desired compliance as per PCI-DSS guidelines.
Security in the Cloud: To ensure security for public cloud adoption as well as SaaS services.
“Cyber Security is an increasingly complex world. CyberDots provided us with a security maturity assessment with precise messaging for a board level discussion followed by comprehensive recommendations to achieve the desired security. The team at CyberDots were extremely flexible to meet our tight deadlines.”
Anurag Chakradhar- Managing Director, Thinkun
To address to the above four key areas of concern, the team at CyberDots performed the following.
We focussed on the following specific areas of concerns and analysed current and future state with recommendations:
CyberDots mapped out current security architecture and aligned it meet industry standards practices. Areas such as two factor authentication, WordPress sites security, and network and password security along with encryption key management were evaluated and recommendations provided to align with industry best practices.
CyberDots evaluated Thinkun’s current level of maturity against CyberDot’s propriety maturity model based on industry best practices and frameworks like ISO 27001, PCI-DSS, NIST, and ASD top 4/Essential. CyberDots also helped define and formulate desired state maturity model for Thinkun along with identifying payment flows alignment as per PCI-DSS compliance guidelines.
CyberDots assisted with best practice recommendations from public cloud providers such as AWS. We provided guidelines to enhance the security posture of Thinkun by adopting the right product sets and architectural changes that could support “in the cloud’ as well as ‘on-prem’ workloads.
CyberDots provided our customer a complete security framework starting with risk assessment, security architecture; and all the way to logging, auditing, monitoring and alerting.