Arrpwere Cyber
Arrpwere Cyber has a team of security cleared knowledge leaders who have led complex programs across all security classifications in the cybersecurity domain, including:
• Security architecture services
• Threat modelling
• Cyber security assurance assessment against Five-Eyes Frameworks
• Security hardening roadmap
• Cyber awareness and education, including an MBA in Cybersecurity
• Cyberworthiness & assurance
• Research & development
THE ARRPWERE CYBER ASSURANCE LIFECYCLE
The Arrpwere Cyber Security Assessment helps organisations identify their cyber security posture and obtain a tailored cyber resilience strategy, giving them the confidence and capability to deal with increasing risk.
Our comprehensive assessment allows organisations to identify potential gaps and risks in their environment so they can ultimately implement a cost-effective cyber security plan. We are able to provide a customised cyber resilience approach by taking into account an organisation’s unique risk profile and understanding the digital assets at stake.
In developing the framework and methodology for the Arrpwere Cyber Security Assessment, we have combined international information security standards with best practice processes in cyber security, risk management, compliance, governance and people.
The Arrpwere Cyber Security Assessment is offered through Cyber Assurance Platform (CAP), an Arrpwere Cyber flagship system that provides a comprehensive view of an organisation’s cyber maturity, leading to a full Information Security Registered Assessors Program [IRAP] assessment.
NB: The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to government.
CYBER CASE STUDIES
NETWORK SUPPLY CHAIN ASSESSMENT
Arrpwere’s CEO was engaged to conduct supply chain assessments of Telstra’s and Optus’ core infrastructure. The supply chain assessment included consideration of original equipment manufacturers, location of manufacture, re-seller supply chains, maintenance arrangements, remote access by 3rd parties and carrier inter-supply chain security and testing processes.
THREAT MODELLING
Arrpwere was engaged by a client that traditionally used a compliance-based assessment model. A threat-modelling approach was proposed with focus on integration into current processes. In doing so, we ensured that the cyber security program integrated with waterfall and agile methodology, as well as infrastructure, integration and software development projects.
BUSINESS RISK MANAGEMENT
Arrpwere was engaged to conduct a thorough technical risk assessment of an client’s IT environment to enable risk identification, prioritisation and decision-making for investment in security management. We conducted document reviews, configuration reviews and interviews. Following this, we used threat modelling to identify a set of agency-specific and general feasible threats, and documented risks where the model identified inadequacies in the security controls.