Curtin University
Curtin University

Advisory | Technology & Cyber | Cyber Risk

We sit on Curtin University’s professional security services panel and provide them with support for a number of specialised services, including digital forensics and technology-based investigations, information governance, risk and compliance services, cyber security and security awareness training. Our team is currently working with Curtin to identify early warning and risk insights using human behavioural data science.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Community
Optus
Optus

Advisory | Technology & Cyber | Cyber Risk

We have worked with the Retail and Customer Experience (CX) division of Optus, to establish a business centric privacy and information security risk review. We have also assisted Optus with building an overall approach to effectively identify and manage ongoing Information, Security and Privacy risks and issues across the CX business.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Media & Communications
ASX
ASX

Advisory | Technology & Cyber | Cyber Awareness

We are the only non Audit firm invited by the ASX to participate in the Cyber Health Check Working Group. This is a Cyber Awareness initiative launched by the ASX in 2016 after the launch of the updated National Cyber Strategy. The initiative's objective is to raise the awareness of Cyber at the highest levels of business within Australia's Top 100 listed companies.

__Advisory__ __Cyber Awareness__ __Technology & Cyber__ Financial Services
Allianz
Allianz

Advisory | Technology & Cyber | Cyber Risk

We are offered as one of three specialist Cyber advisory teams available to Allianz Australia Cyber clients. We assist their clients to understand their current cyber risk profiles as well as deal with incidents as they arise.  We also provide ongoing support to Allianz in relation to providing eDiscovery services supporting a range of requests.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Financial Services
SunSuper
SunSuper

Advisory | Technology & Cyber | Cyber Awareness

We operate under an ongoing Master Services Agreement with Sunsuper and support them to deliver Cyber education and awareness initiatives. We provide additional Cyber incident response capacity and support as required and advise the business on Digital Forensics matters. Notably we have assisted Sunsuper in relation to their ongoing Business Continuity Plans and Disaster Recovery testing which is conducted on a regular basis.

__Advisory__ __Cyber Awareness__ __Technology & Cyber__ Financial Services
Senex Vulnerability Assessment 2020
Senex Vulnerability Assessment 2020

Advisory | Technology & Cyber | Cyber Risk

Conducted a comprehensive vulnerability assessment of the IT systems and networks of Senex Energy. This involved working closely with the organisation’s IT team, and following a systematic approach to identifying, testing and documenting any cybersecurity shortcomings in their environment. Our resulting report and recommendations have supported Senex in driving initiatives to further enhance their cybersecurity posture.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Resources & Mining
Wesley Mission Queensland – CAP 2020
Wesley Mission Queensland – CAP 2020

Advisory | Technology & Cyber | Cyber Risk

We are working with the Executive Leadership and Technology teams at Wesley Mission Queensland to plan and deploy a Cybersecurity Awareness Program. This includes conducting phishing email campaigns, developing cyber alerts and information packs, providing cyber eLearning content and tailoring content to the staff at Wesley Mission. We will provide regular reporting throughout the program, to ensure the organisation is improving their cyber awareness amongst management and staff.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Community
Project Fatigue
Project Fatigue

Adviosry | Technology & Cyber | CYBER RISK

McGrathNicol performed an independent Cyber Forensic Review for a mid-sized superannuation fund following an incident reported to APRA. Based on our forensic analysis, we assisted in determining the likelihood of an actual cybersecurity incident based on existing Indicators of Compromise. We additionally determined the appropriateness of incident remediation activities performed by the client and their supporting service providers. Our report was communicated to the Audit and Risk Committee of the client, and was also leveraged in subsequent reporting to APRA.

__Advisory__ __Technology & Cyber__ Financial Services
Club Plus Superannuation
Club Plus Superannuation

Advisory | Technology & Cyber | CYBER RISK

McGrathNicol assisted Club Plus Superannuation (CPS), a superannuation fund with over $2.9 billion under management, in developing a modern and robust Cyber Incident Response Plan along with several scenario-based Incident Playbooks. By reviewing CPS documentation and performing a series of stakeholder discussions, we helped produced a robust response plan and playbooks to not only reflect CPS’ current response and communication practices, but also to ensure the requirements set out by APRA’s prudential standard CPS 234 are met.

__Advisory__ __Technology & Cyber__ Financial Services
Precision Group
Precision Group

Advisory | Technology & Cyber | CYBER RISK

We supported Precision Group in developing a revised, fit-for-purpose Information Security Policy to reflect the organisation’s current cybersecurity practices as well as where their current gaps exist against industry best practices. Using NIST as the guiding framework, McGrathNicol produced a revised Information Security Policy for Precision Group’s adoption. McGrathNicol also undertook a gap analysis to highlight the existing gaps between Precision Group’s current policies and procedures and what is reflected in the newly revised policy.

__Advisory__ __Technology & Cyber__ Property
Project Vista
Project Vista

ADVISORY | Technology & Cyber | EDISCOVERY

Independent investigation into allegations raised by whistleblowers relating to the procurement and project management of consultants engaged to work on the delivery of a highly complex IT systems transformation project. We utilised our online web review platform to examine a large volume of data and identify relevant information in relation to the allegations and project governance.

__Advisory__ __eDiscovery__ __Forensic Technology__ __Technology & Cyber__ Financial Services
Project Esplanade
Project Esplanade

ADVISORY | Technology & Cyber | EDISCOVERY

Assisted a major Australian regional bank to prepare formal submissions prior to appearing before the Commission. We worked closely with internal and external legal advisers using our e-Discovery technology, project management expertise to identify and produce protocol compliant documents to the Commission from a data set in excess of 6.5 million documents.

__Advisory__ __eDiscovery__ __Forensic Technology__ __Technology & Cyber__ Financial Services
Large Australian retailer
Large Australian retailer

ADVISORY | Technology & Cyber | DIGITAL FORENSICS

Provision of digital forensic services to complement the retailer's internal Investigations capability. We forensically image devices such as laptops, desktops, server based data, cloud based data and mobile or tablet devices. This potential evidence is maintained by our team in a readily available state should investigation or further inquiry be required.

__Advisory__ __Digital Forensics__ __Technology & Cyber__ Retail
Cyber incident response
Cyber incident response

ADVISORY | Technology & Cyber | DIGITAL FORENSICS

Worked closely with a university to identify the impact of a cyber security incident. CERT Australia advised that a public release of the server management platform NetSarang, used by the university, had been compromised after attackers embedded a piece of malware. The vendor removed the release from their site and quickly patched the vulnerability.

__Advisory__ __Digital Forensics__ __Technology & Cyber__ Community
Cbus
Cbus

ADVISORY | Technology & Cyber | CYBER RISK

We worked with Cbus to establish an overall approach to Cyber and build ongoing resilience into their approach to, and use of, technology. This has also included conducting a Cyber Resilience Review and a number of Cyber safety and awareness initiatives addressing the People and Culture element of Cyber security.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Financial Services
Wesley Mission
Wesley Mission

ADVISORY | Technology & Cyber | CYBER RISK

Worked with the Board and Executive Leadership Team of Wesley Mission Queensland to assess their current state of Cyber resilience and provide recommendations to enhance the existing framework. We also provide ongoing support in establishing a program that continues raise awareness amongst management and staff, and enhance capability in line with their mission and values.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Community
Victorian Government department
Victorian Government department

ADVISORY | Technology & Cyber | CYBER RISK

Assisted a Victorian Government Department respond to a live cyber incident that had the potential to defraud them by infiltrating their regular payroll payment process via the use of malware and infected computer systems within their corporate IT environment. Our report set out the sequence of events that led to the incident and recommendations to improve process and controls.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Government
Project Cisco
Project Cisco

ADVISORY | Technology & Cyber | CYBER RISK

Commonwealth appointed cybersecurity expert. Our role was to support a Federal Government Agency to navigate the technical specifics of a high profile cybersecurity event, identifying and collecting relevant information in order to conduct a thorough investigation of issues surrounding the event. The matter involved tight timelines and complex third party relationships and interests.

__Advisory__ __Cyber Risk__ __Technology & Cyber__ Government
Project Fandango
Project Fandango

ADVISORY | Technology & Cyber | EDISCOVERY

Managed the review process, expediting the manual review of documents in response to an ASIC notice. The review required a deep understanding of financial markets and the ability to distinguish behaviours that could constitute market manipulation. Sophisticated technology was used to examine large volumes of data and an experienced team reviewed communications.

__Advisory__ __eDiscovery__ __Forensic Technology__ __Technology & Cyber__ Financial Services