Security Case Study (DaSH)
The Client Ask:
To allow the business to function whilst ensuring the platform and the data used is (proportionately) secure from attack.
Delivering successful outcomes (NIAXO’s Solution):
NIAXO’s team delivered the Data Science Hub platform on time with total confidence that it was secured appropriately to the customer’s risk appetite. The security of the DaSH platform was such that, with a few minor changes, it was easily able to accommodate the on-boarding of Personally Identifiable Information (PII) when the customer requested. NIAXO hosted NCSC for a ‘deep dive’ session into the DaSH platform. The resulting report came back with only six (6) recommendations, all of which NIAXO were already aware of and had talked NCSC through as part of the session.
An ITHC of the DaSH platform was scoped and performed in Q1 2021 with the resulting report having no findings with a risk value of 5 and only 4 with a risk value of 4 (using a scale of 1-5).
The DaSH platform was delivered aligned to NIST Cyber Security Framework.
The client was well appraised of the risks and risk mitigations throughout the delivery of a Risk Register (and supplementary documentation).
Value Added /NIAXO differentiators:
- Planned the security deliverables and risk mitigations.
- Proactively assessed the threats and risks.
- Proactively applied required security controls.
- Proactively applied monitoring tools to provide continuous assurance.
- Worked with NCSC to validate their threat and risk assessment work as well as the overall architecture.
- Created and shared numerous security policies with Test and Trace CISO Office.
- Constructed the Test and Trace Security Requirements.
What They Said:
Threat Intelligence Lead:
“Just wanted to say thank you for providing all the info and the attack maps for us. It’s rare we get this level of info back and its clear you’ve put a lot of effort into the attack maps, so just wanted to say a genuine thank you from me! This is really useful stuff!“
DaSH ITHC Application Configuration Review:
In conclusion, each application was seen to be of a high level of security, implementing a majority of security best practice.
DaSH ITHC Architecture Review:
The architecture overall was found to be very well thought out and many common attacks mitigated.