Security Risk Management Plan
for a Cloud Hosted web site
Case Study: Geoscience Australia
MXA delivered a Security Risk Management Plan (SRMP) for the Australian Energy Resources Assessment (AERA) web site.
What we did
AERA involves five separate cloud services and manages unclassified energy-related data. Although the system was likely to be unclassified (public) the agency was concerned that the five cloud services could still pose a risk to the agency.
MXA used ASD’s Information Security Manual (ISM), data-related policy including the Privacy and Archives Acts, leading knowledge of impending threats along with a custom developed SRMP template to complete a comprehensive review and plan for the agency.
After completing a separate review with the IT Security Advisor, the report was presented to business using a rich graphical format who were pleased with the quality of findings and level of detail provided.
MXA delivered a Certification of the AERA web site prior to launch and provided Geoscience Australia with a comprehensive understanding of key risks and mitigations.