Governance, Risk & Compliance
Essential 8
SALTT Tech cybersecurity consultants have extensive knowledge of the Australian Cyber Security Centre (ACSC) Essential 8 Maturity Model. Among the most requested services across our client base are:
- Help select an appropriate Maturity Level (0-3) for Essential 8 compliance
- Assess the current-state environment against the selected Essential 8 Maturity Level and produce a gap assessment
- SALTT Tech goes one step further by offering solutions to close the identified gaps, helping our clients improve their capabilities and mitigate threats.
CISO as a Service
The SALTT Tech Chief Information Security Officer (CISO) as a Service offering enables our clients to take advantage of our team of on-shore cybersecurity experts to fill the role of a virtual CISO within their organisation on a part-time or ad-hoc basis. The role of the CISO is varied and complex, requiring skills in risk management, board-level reporting, and cross-functional stakeholder management all the way through to technical knowledge of threats and controls. Many SALTT Tech clients cite a challenge in attracting and retaining a strong CISO due to the high market demand for these services. By leveraging the SALTT Tech CISO as a Service offering, our clients have the confidence that they have a dedicated cybersecurity partner working for them with a team of experts fulfilling this role for them.
Incident Response Planning
Breaches are an unfortunate but inevitable part of modern digital business, and the best approach is to be prepared. SALTT Tech partners with our clients to develop tailored, specific incident response plans (IRPs) to ensure our clients are best placed to respond to cyber attacks. By having a well-tuned, tested and proven IRP, our clients achieve:
- Strong business stakeholder input
- Cross-functional support across the organisation
- A well-structured response for dealing with and recovering from a cyber attack.
When paired with tabletop scenario simulations, the SALTT Tech IRP places our clients at the forefront of modern cyber attack response capabilities for their organisation, their staff and their clients.
Tabletop Simulations
There is often a disconnect between senior executives within an organisation and the front-line cybersecurity teams trying their best to protect the organisation from a breach. This often stems from the fact that company boards and senior executives still largely view cybersecurity as a technical problem. While a significant component of cybersecurity is technically based, a large element of an organisation’s ability to respond to a cyber breach requires cross-functional involvement from other operating teams within an organisation.
Executing tabletop simulations for an organisation’s senior leadership team or board of directors drives home the need for positive collaboration between all components of an organisation in managing a cyber breach.
Leveraging highly curated scenarios that are specific to an organisation’s business, SALTT Tech consultants generate and execute highly engaging tabletop scenarios that provide deep insight into an organisation’s risk appetite, breach tolerances and overall ability to respond to and recover from a cyber breach.
By practising cyber breach scenarios in a simulated environment, organisations can be well prepared if or when real events occur. Everyone will understand their roles and responsibilities and know what to do to play their part. The cyber team and their requirements will be well understood by the executive, and the organisation’s ability to quickly respond and recover is significantly improved.
3rd Party Risk Management
Businesses of all sizes and scale regularly share, consume and leverage data and services from partners, suppliers and peers on a daily basis. This constant flow of data between organisations has created a significant attack surface and greatly escalated the risk of a cyber breach. A company's data is no longer held within the confines of its own systems or infrastructure, or even under its own administration.
Many of the scenarios in which data is shared are for absolutely valid business reasons, like payroll or supplier management; however, without appropriate controls in place, it can create unnecessary increases in risk and the potential loss of data.
SALTT Tech recommends that organisations implement a 3rd Party Risk Management capability that assesses, both initially and on an ongoing basis, the controls and capabilities of its partners. 3rd Party Risk Management should become an integral part of the procurement process of all organisations and, beyond procurement, part of the standard process whenever data is shared with any 3rd party organisation.
3rd Party Risk Management should also be considered cyclical and not once-off. Cyber risks and threats represent an evolving landscape, so ensuring the ongoing governance of data shared with any 3rd party is paramount to the overall cybersecurity posture of any organisation.
Cybersecurity Awareness Training & Phishing Simulations
The front line of cybersecurity for any organisation is its people. It is well documented that over 90% of all successful data breaches start with a phishing attack: a well-crafted email (or SMS, phone call or QR code) convinces a staff member to click on a link and enter sensitive details such as company data or their credentials (a credential harvesting attack), which a malicious actor then uses to launch an attack against the organisation.
Training the staff in an organisation to be cyber aware is an absolutely critical pillar in any organisation’s cybersecurity plan. Due to the evolving nature of cyber threats, security awareness training (SAT) cannot be thought of as a once-a-year event or a once-off event. There needs to be a regular, ongoing cadence of highly engaging training that establishes a culture of cybersecurity awareness within the organisation.
More than “tick a box” training, SALTT Tech looks to create, establish and grow a culture of cybersecurity awareness within our clients. We recognise that this extends beyond staff members’ time at work and into their personal lives, creating a more cyber-aware society. Organisations should be careful to select a cybersecurity awareness training partner whose content staff don’t just play on mute or in the background on their computers, but rather one that uses highly engaging content that staff members actually want to watch and learn from. This is the most important element in shifting the mindset from SAT to cybersecurity culture development.
This knowledge is regularly tested and validated by using ongoing phishing simulations that confirm that organisations and their staff are becoming more cyber-aware. They can easily spot phishing attacks of varying levels of complexity and know exactly how to deal with them. The process for managing phishing attacks by the staff is well tested and understood. This also creates a stronger bond across teams and with the company’s cybersecurity professionals.