Fortifying Security: A Decade-Long Journey with Systems Thinking Limited
- Systems Thinking Limited
- Jan 5, 2024

In commemorating a decade of collaboration, Systems Thinking Limited (STL) takes pride in contributing to the Client’s IT Security Programme. This transformative journey encapsulates a wealth of initiatives aimed at enhancing the cybersecurity posture of the client, a leading New Zealand Ministry.
A Program of Evolution

The Client, in response to the dynamic threat landscape, initiated a robust IT Security Programme. STL joined forces at various levels, assuming a pivotal role in the program leadership. The focus: to infuse best practices and innovative solutions into each facet of the initiative.
Cyber Security Governance Framework

The inaugural stride involved the creation of a Cyber Security Governance Framework. This provided a structured approach to managing cybersecurity, embedding security into new systems from their inception. STL played a crucial role, ensuring adherence to international standards and conducting penetration tests for added assurance.
Cyber Security Architecture: A Vision for the Future

The program's long-term vision materializes in the form of a robust Cyber Security Architecture. STL's involvement spans from assessing high-risk assets to conducting detailed threat models. This strategic endeavor ensures not just current resilience but future-proofing against evolving threats. STL architects spearhead the integration of best practices such as ISO2700x, employing methodologies like the 'Mis-use case' approach. This approach eventually led to NZ's very first lean Security Risk Assessments (SRAs) in the public sector.
Standards Development and Internalization

STL's contribution to securing high-value assets is marked by the development of standards, aligning with the OWASP Top 10. The focus on external-facing web applications is expanding to encompass internal applications. STL is instrumental in creating a comprehensive standard library, facilitating the Ministry's shift towards securing all facets of its operations.
Empowering In-House Security Testing

A key initiative involved empowering the Ministry with an in-house security testing capability. STL pioneers a strategy that integrates security considerations early in the Software Development Life Cycle (SDLC). The team evaluates cutting-edge tools such as static and dynamic source code analysis tools and vulnerability scanners. In the current context, STL will recommend more AI-based tooling.
Web Application Firewalls and Security Scanners

STL took a pioneering role in evaluating Web Application Firewall (WAF) and Web Application Security Scanner (WASS) offerings, a novel approach at that time. This included developing evaluation criteria, setting up environments, and actively engaging in vendor management. The aim is to fortify the Ministry's defenses against threats like SQL injection and cross-site scripting. These solutions continue to provide an enduring capability for the Ministry.
A Holistic Approach to Information Security

STL’s involvement extends beyond technology to a holistic approach, ensuring alignment with the Cyber Security Framework. The ongoing commitment is not just about addressing immediate security concerns but creating an enduring culture of security consciousness. STL brings best practices to the forefront, making complex security issues accessible to all stakeholders.
In celebrating a decade of collaboration, STL remains committed to propelling the Client’s IT Security Programme towards new horizons. The journey is not just about technology; it's a narrative of resilience, innovation, systems thinking and a shared commitment to a more secure future. STL associates were re-hired for improving Disaster Recovery and Cyber Resilience, a testament to the quality and experience in this field.
Here's to a decade of fortifying security, and to many more years of transformative collaboration! 🚀🔒