KAZ

KAZ, the ICT services arm of Telstra, is the largest Australian owned information and communications technology (ICT) company.

Audit compliance with Telstra IT security standards

Castelain was initially engaged to audit KAZ's compliance with Telstra IT Security standards, following Telstra's acquisition of KAZ. As KAZ's business model differs significantly to Telstra's, much of the policy required updating in line with how KAZ operate and their needs as an organisation.

The work that Castelain undertook for KAZ allowed KAZ to scope the work required to connect the KAZ and Telstra networks.

Integrating networks and developing security policies and other documentation

Following from the above, Castelain were re-engaged to undertake a program of work including:

designing the integration of the KAZ and Telstra networks, with particular focus on streamlining the identity management systems
further developing KAZ's IT security policies
designing a security incident management framework
producing IT security training material for staff, managers and developers.

Security assessment and planning for the separation of two business units

KAZ decided to sell their superannuation business unit, AAS and were concerned that their sensitive information may be compromised during the sale process or as a result of the separation of the two business units. They called Castelain for assistance.

Castelain began the engagement by identifying a list of KAZ's IT assets and reviewing this list with KAZ management. Castelain then performed a Threat and Risk Assessment. We worked with KAZ to prioritise the identified threats and created a Risk Mitigation Plan. This defined the scope of work to follow. Following on from this, we worked closely with the KAZ business and technical teams to design and implement the chosen controls. One of the primary outputs of the project was a comprehensive set of audit records, allowing KAZ to prove the consistent and considered approach taken throughout the sale process.