
Case Study Strategic Security Consulting
Customer: Cawthron Institute
Industry: Scientific Research
Services: CISOaaS / Security Testing & Assurance / Business Continuity Planning
Challenges
- Need for procedures / policies to provide security guidance and direction to the Institute
- Shortage of internal security expertise
- Limited insight into current security posture
Outcome
- A set of ISO-aligned ISMS policies
- Access to local end-to-end cyber security resources with global experience
- Increase in visibility and understanding of their security posture

Cawthron Institute
Cawthron is Aotearoa New Zealand’s largest independent science institute and has a century-long legacy of delivering world-class science and innovation that supports the sustainable development of primary industries in New Zealand and globally.
The challenge
Cawthron began a re-alignment programme in 2021 called “One-Cawthron”. The aim of this was to align the company to one set of values and goals. This was one of the catalysts for a review of their Cyber Security posture.
An early requirement was to create and deliver a set of ISO-aligned Information Security Management System (ISMS) policies to assist in providing a framework for the re-aligned organisation.
Cawthron recognised they had limited time, in-house resources and expertise required to give cyber security the focus it needed. Cawthron identified the best way forward was to partner with an organisation that had the local presence, the specialist domain knowledge and reputation in cyber security.
The solution
In meeting this challenge, Cawthron engaged CyberCX in May 2021 with an immediate focus on producing a suite of policies through the CISO-as-a-Service (CISOaaS).
The CyberCX CISOaaS provides:
- Access to independent input, insight and capability, without Cawthron having to retain a full-time CISO
- Expertise across many security disciplines
- A trusted, impartial voice with an independent perspective
- Ability to supplement internal teams and provide additional capacity to assess and manage cyber risks
- Visibility and credibility - conduit between IT, Security, Leadership Team and Board
Since then, CyberCX has assisted Cawthron in:
- Improving its email security
- Implementing a vulnerability management system
- Developing a Risk register in a new digital portal allowing automated workflow tasks and providing visualisation of risks to Executive Leadership Team & Board
- Conducting a series of Penetration Tests
The outcome
Cawthron has been able to take advantage of the vast skillsets offered by CyberCX in security assurance testing, governance and risk advice, engineering and consulting services.

Cawthron has achieved an increase in visibility and gained a better understanding of their security maturity through Penetration Testing, Business Continuity Planning and analysis of alignment to NZISM. This has allowed Cawthron to focus their technology investments in areas that have the biggest impact – its core business which is the advancement of science to benefit Aotearoa New Zealand, with a focus on natural resources by delivering science that supports healthy ecosystems, a prosperous blue economy, thriving people and communities.
Cawthron continues to partner with CyberCX to gain support, receive regular independent input and insight through the on-going CISOaaS engagement and current BCP project.
CyberCX is currently working with Cawthron on their Business Continuity Planning (BCP) project.
By partnering with CyberCX for its strategic security planning and implementation needs, Cawthron can provide assurance to regulators and customers alike that business plans are in place that enable the supply of services to continue should a cyber security event occur, e.g. a ransomware attack.

“The ability to have a trusted advisor sit across the table and provide practical, pragmatic advice and pull together experts from across practices such as GRC and Edge-Penetration testing as needed has been invaluable.”
Carl Snelgrove
Technology Support Manager

