Assisting Client to Improve Its Security Posture Through a Security Audit
The client is an Australian energy company specialising in the exploration and production of coal seam gas (CSG) and liquefied natural gas (LNG). The company was established in 2000 and had operations in Australia and internationally, primarily focused on developing CSG reserves in the Surat and Bowen Basins in Queensland. The client was acquired by Royal Dutch Shell and PetroChina in 2010 and operated as a joint venture between the two companies. The company's main focus is to develop and commercialise its CSG reserves and to supply gas to the Australian and Asian markets through the production of LNG. Given the nature of its business, and the portability of its core IP, the client is concerned about systems security in general and theft of Intellectual Property. They engaged Pragma to review its security and provide recommendations for improvement.
The audit consisted of an initial workshop to understand the client's background, followed by an agreement on a documented standard and industry best practices. This agreement was then fulfilled by conducting on-site and off-site reviews.
A comprehensive review of the client's information security system was performed to identify vulnerabilities, assess risk, and make recommendations for improvement. The process of performing a security audit typically involves the following steps:
Information Gathering: Collection of information about the client's security policies, procedures, and technologies. We performed this via interviews, documentation review, and network scans.
Performed a Risk Assessment: We analysed the information gathered and identified potential security threats and risks to the client.
Testing: Conduct tests to validate the security of the organisation's systems, including vulnerability scans, penetration testing, and social engineering.
We prepared a detailed report of the audit findings, including a list of vulnerabilities and recommendations for improvement. The client performed remediation while we advised on any technical matters
The findings from the security audit enabled the client to understand its risks in detail and provided remediation recommendations to help strengthen its security posture. The client demonstrated compliance with good industry practices by responding to the audit findings.