Call 1300 882 633

Search

Health & Human Services

Building a strong cyber security culture for resilience and growth

Digital Assurance

OCM supporting the strategic enhancement of the cyber security landscape for a large Federal government entity.

THE PROJECT

Creating and maintaing a strong cyber culture presents several unique challenges:

  • Intangible Elements: Cyber security culture involves intangible factors like attitudes, beliefs, and behaviours, which are difficult to quantify and measure objectively.
  • Inconsistent Practices: Teams across the organisation displayed varying levels of adherence to cyber security practices, leading to inconsistencies in the overall security culture.

OUR ROLE

The client engaged us to enhance their cyber security environment strategically. In response, OCM conducted an internal audit, focusing on the department’s cyber security needs and evaluating their readiness to manage risks effectively. We began with a Cyber Security Culture Assessment, aimed at evaluating the department’s specific requirements the readiness of its staff to mitigate risks effectively. This was followed by a Cultural Maturity Evaluation, where we examined employee engagement with security protocols, the level of understanding of individual responsibilities, and the influence of leadership in shaping a strong security culture.

Through our assessment we provided the client with clear insights into the effectiveness of their cyber security culture. Our key findings included several notable strengths:

  • Effective Practices: Regular training, active engagement with security protocols, and a clear understanding of individual roles were crucial factors driving an effective security culture.
  • Leadership Influence: Cultural maturity was significantly influenced by leadership’s ability to set a strong security direction, visibly support security initiatives, and create an environment where employees felt comfortable raising concerns.

In areas where cyber security culture was most mature, we observed several positive outcomes:

  • Increased Threat Visibility: Teams were more aware of potential threats, allowing them to proactively mitigate risks.
  • Reduced Incidents and Enhanced Resilience: Fewer security incidents were reported, and teams demonstrated higher resilience in managing security challenges.
  • Capacity for Secure Growth: A mature security culture allowed the department to pursue new business initiatives securely and with greater confidence.

Key Recommendations

To further strengthen and embed the desired security behaviours, we proposed the following:

  • Enhanced Training Programs: The client should provide initial and annual training that outlines security roles, responsibilities, and awareness. We also emphasised the importance of specialised training for privileged users, ensuring those with elevated access are well-prepared to manage their roles securely.
  • Continuous Monitoring and Awareness: We identified regular, tailored security messages as critical for reinforcing the importance of cyber security and keeping awareness high across the department.

In conclusion, OCM emphasised that fostering a strong cyber security culture aligned both department and individual goals, resulting in security-conscious behaviours. This cultural alignment is essential for sustaining a secure environment as the department continues to grow and evolve.

Other Health & Human Services projects you may be interested in...

Health & Human ServicesLocal Government & MunicipalitiesUtilities, Energy & Resources

Elevating cyber security with Essential Eight maturity assessment

Digital Assurance

Health & Human ServicesLocal Government & MunicipalitiesUtilities, Energy & Resources

ISMS Review: Ensuring ISO 27001 Compliance and Regulatory Alignment

Digital Assurance

Acknowledgement of Country

OCM respectfully acknowledges the Traditional Owners and Custodians of the lands across Australia and recognises their continuing connection to land, waters and community. We pay our respects to their Elders past and present.