Case Studies
Eire Construction – Security Assessment
Client:
Eire Construction
Industry:
Construction
Services Rendered:
Security Assessment - ASD E8 plus
About Eire Construction
Discover how Eire Constructions partnered with S5 Technology Group to assess and uplift their security maturity, aligning with an expanded Essential 8 framework and building a clear, strategic roadmap to strengthen trust and guide future investments.
Browse our services
The Challenge
- No formal alignment with security standards
- Not able to easily communicate their commitment to security
- No way to understand where to direct security investment
Eire Constructions have a long history which brings its own challenges. Systems evolve over time and standards, regulation and guidance evolve with them. Eire wanted to align their organisational security to a known and established information security framework or benchmark.
The purpose of this is to increase security maturity in the organisation, to manage information security risk, safeguard
confidential information and PII, meet regulatory requirements as well as to establish an easily communicable level of trust with their partners.
Without a current and appropriately sized security strategy, Eire were unable to establish the most effective way to direct their investment in security.
The Solution
The security team at S5 guided Eire Constructions through the process of a security maturity assessment. This commenced with a planning session where S5:
- Engaged business stakeholders
- Established the organisational objectives
- Understood organisational constraints such as timeframes and resources
- Selected the appropriate security framework and target maturity level
Our Approach
S5 and Eire selected the ASD Essential 8 framework as the basis for the assessment but used an expanded version of the basic framework, Essential 8 Plus. Essential 8 Plus, developed by S5 Technology Group, includes additional mitigation strategies, each with their own security maturity control requirements, due to their strong efficacy in mitigating
cybersecurity risk in all organisations. The scope and quality of evidence to be collected was agreed, ready for the commencement of the assessment. The expanded strategies included:
- E-mail security
- Web security
- Network segmentation
- Local admin accounts
- Continuous incident detection and response
S5 conducted the assessment through a combination of interviews with Eire personnel, 3rd parties as well as quantative testing of current security controls through a combination of automated and manual methods. The findings of the assessment, along with remediation guidance, and a roadmap of prioritised target state recommendations were collated into a comprehensive report.
The Outcome
- Understanding of current security posture
- Tangible and actionable guidance to remediate security shortfall
- Prioritised security roadmap for organisational security maturity uplift.
At the conclusion of the assessment, the Eire Constructions team were provided the assessment report which included:
- A set of prioritised and recommended initiatives for uplifting the organisational security maturity posture which formed a security roadmap for Eire.
- A detailed set of technical remediation guidance for specific items discovered during the assessment.
Eire Constructions were able to use the assessment findings to plan out their security uplift activities over the coming months to achieve their target security maturity level. As S5 continue to support Eire on this journey, Eire are able to now, not only state alignment with a well-known security standard, but that they have built on that standard to take a broader approach to security.
Eire are now able to easily communicate this commitment to information security to their partners and clients which reenforces trust in Eire Constructions
