AUTHOR
Are you concerned about the cyber security risks facing your government agency?
Do you want to ensure compliance with regulatory requirements and manage your risk and exposure to vulnerabilities?
Government regulatory requirements require penetration testing for compliance purposes and to manage risk and exposure to vulnerabilities, however a lot of government agencies do not comply with these requirements.
Join RSM’s Director of Cyber Security and Privacy Risk services, Riaan Bronkhorst as he discusses how RSM can help Government agencies to focus on their key risk areas to help them mitigate their cyber security risks.
With 25 years of experience in the industry, Riaan shares his insights on how government agencies can mature their posture relating to cybersecurity risks.
RSM has the experience across many industries, including Government to perform penetration testing using relevant, up to date technology. Learn how RSM works with clients to perform penetration testing cyclically, focusing on the key risk areas within their organisation.
READ TRANSCRIPT
My name is Riaan Bronkhorst. I'm a Partner leading the Security and Privacy practice for RSM in Perth with 25 years of experience in the industry.
Government regulatory requirements require penetration testing for compliance purposes and to manage their risk and exposure to vulnerabilities.
We've noted that a lot of government agencies do not comply with these requirements, and penetration testing can help them to mature their posture relating to cybersecurity risks.
I have been asked previously, “Should my I.T. service provider perform penetration testing?”
I would highly recommend against this due to the fact that the I.T. service provider would not be objective, there would be conflicts of interest and they may not have relevant skills and experience.
With RSM we've got the relevant skills, and experience, we've got the tools, we've got the techniques, and we've got experience across various industries like for government to perform penetration testing, using relevant up-to-date technology.
There’s a perception that penetration testing is too costly to perform.
However, I would challenge that perception due to the fact that we normally work with our clients through their penetration testing program, and we perform that on a cyclical basis based on the biggest risk areas within their organisation, and we rotate that throughout a period either throughout a year, two years or three years over a cycle and then we basically focus on the key risk areas to help them to mitigate their cyber security risks.
What should a government organisation focus on first while considering penetration testing?
Well, you need to look at your risk profile. You need to understand your environment and you need to focus on the key risk areas within your environment to perform penetration testing on a targeted basis.