Major Australian retailer

System security and policy initiatives

Castelain was engaged by one of Australia’s largest retailers, which operates food and grocery stores, liquor stores, petrol stations, and general merchandise and consumer electronics stores.

With such a large and diverse range of products, services and people, our client faces the ongoing challenge of maintaining system security while meeting the ever-changing needs of the business.

  • Castelain co-developed templates to be used for Threat and Risk Assessments (TRAs) and for IT Security Plans.  These were based on AS 4360, and incorporate many of the principles described in ISO/IEC 27001 and ACSI 33.  Our client can now ensure that TRAs are performed in a consistent manner across the organisation, and that projects consider security threats and address them in a considered and structured way.
  • Our client was implementing a major new system affecting the entire organisation.  They evaluated multiple potential solutions, and needed to be sure that their unique security requirements were considered.  Castelain worked with the client to identify their security requirements, and to document them in a way that could be used in a Request For Tender (RFT) process.  Castelain was then involved in the RFT evaluation process, scoring the responses to the security questions and identifying potential issues.  This allowed our client to make their product decision based on all of the facts – resulting in a superior solution for the business.
  • Castelain has been engaged by different project teams within the business to perform TRAs and to define and document various projects’ IT Security Plans.  Typically, Castelain is engaged during the design phase, so that potential security design issues are identified and resolved early.  We talk to all areas of the business that may be affected by the project to gain a deep understanding of the proposed solution and its impact on each area of the business, and to identify potential security threats.  We work with their IT security and project teams to evaluate threats, and to document controls in a clear and concise way.  This allows our client to focus on their core business, safe in the knowledge that their systems are secure.