
Security Reviews
Customer: Te Whatu Ora – Health New Zealand
Industry: Government Administration
Services: Security Reviews
Challenges
- Need for a full-time security resource to conduct regular security testing on a subscription-based consultancy model
- Need for a trusted partner that offered flexibility and adaptability to their testing regime
- Need for experts who understood their security architecture / environment
Outcome
- Secured consulting partner on a subscription-based model
- Access to dedicated resource to perform regular testing without having to wait on lead times
- An extended team of exceptional people who provide expert guidance

Te Whatu Ora
Health NZ is the government’s principal advisor on health and disability policy. Through their leadership of the health and disability system, the organisation helps ensure better health outcomes for New Zealanders.
Health NZ work with health and disability providers throughout the wider health sector and manage a programme of work that supports government priorities and builds on the integral strengths and assets of communities, families and whānau.
Health NZ is a funder, purchaser and regulator of health and disability services in New Zealand.
The challenge
Health NZ needed a specialist to conduct regular security reviews across its external-facing corporate applications and other identified targets, on a subscription-based model. This model would allow Health NZ to obtain a full-time resource for the duration of the programme.
The challenge for Health NZ was to secure this commercial model with a trusted partner who could provide the services as and when required.
The solution
CyberCX did not offer full-time allocated resources at the time, but following discussions with Health NZ, were able to support this operating model by being flexible in our commercial approach.
CyberCX was able to present Health NZ with a dedicated resource, 40 hours a week for a defined period and programme of works.
On this subscription model, CyberCX have provided:
- Expert resources to perform testing, without Health NZ having to wait on lead times
- A flexible commercial agreement that offered cost and resource certainty
- Presence at project-related stand-ups to provide advice across the development of applications
- Weekly updates and attendance at monthly meetings
- Security reports, including overviews of test results and recommendations to resolve identified issues
- Application testing. In general, the testing approach is selected to suit the application, scope, and timeframes available to maximise assurance.
- Network testing includes automated vulnerability assessments, followed by manual analysis and further testing against any externally accessible IP addresses.
The outcome
Health NZ have partnered successfully with CyberCX to operate a commercial model that met their subscription-based engagement needs. Health NZ have access to a full-time trusted resource they can rely on to deliver the security testing they need – during business hours and beyond when necessary. This dedicated resource operates like an extended member of Health NZ’s internal security team.
CyberCX have since supported Health NZ with Governance, Risk and Compliance (GRC), Network and Infrastructure Solutions (NIS), and Digital Forensics and Incident Response (DFIR) capabilities.

- GRC professionals help improve business outcomes and continuity with expert guidance and embedded cyber security best practices.
- NIS specialists have end-to-end expertise to design, integrate, engineer, and deploy the full suite of digital assets, delivering fast and efficient technology capabilities that support an organisation’s requirements.
- DFIR specialists are ready to help organisations conduct forensic investigations and respond to cyber incidents.
CyberCX empowers organisations to fortify themselves, and when the customer succeeds, we succeed.
CyberCX and Health NZ share a respectful and mature relationship as we continue to support the client in their application testing efforts to ensure cyber resilience.

“We look forward to continuing work with CyberCX and always request for CyberCX to do the testing on things we suspect would be complex and less than ideal”
Jeremy McMullan
Security Lead Covid-19

