skip to Main Content

Security Risk Management Plan
for a Cloud Hosted web site

Case Study: Geoscience Australia

MXA delivered a Security Risk Management Plan (SRMP) for the Australian Energy Resources Assessment (AERA) web site.

What we did

AERA involves five separate cloud services and manages unclassified energy-related data. Although the system was likely to be unclassified (public) the agency was concerned that the five cloud services could still pose a risk to the agency.

MXA used ASD’s Information Security Manual (ISM), data-related policy including the Privacy and Archives Acts, leading knowledge of impending threats along with a custom developed SRMP template to complete a comprehensive review and plan for the agency.

After completing a separate review with the IT Security Advisor, the report was presented to business using a rich graphical format who were pleased with the quality of findings and level of detail provided.

The result

MXA delivered a Certification of the AERA web site prior to launch and provided Geoscience Australia with a comprehensive understanding of key risks and mitigations.

Back To Top