stratsec

stratsec hosted close to 100 government and industry representatives at the Boathouse in Canberra on 11 August 2009 for the much anticipated Managing Risk Through Assured Products seminar; a flagship event on the stratsec calendar. The event was officially opend by ACT Opposition Leader, Mr Zed Seselja MLA; delegates at the event heard the latest developments and thinking in ICT security, featuring presentations and displays from the seven security product vendors and keynote addresses from Andrea Wood of DSD and stratsec CEO, Peter Lilley.

Each of the seven product developers are key clients of stratsec including Australian ICT developers Cocoon Data and Noggin IT and internationals including Microsoft, Juniper, becrypt, Eaglehawk, and SanDisk (representaed by Tudor Australia).

As noted by Peter in his keynote address, the seminar was very timely given the National Security Statement to the Parliament delivered by the Prime Minister in December 2008.  In that statement the Prime Minister outlined the principles of Australian National Security of which principle 7 stated:

"Australia must apply a risk-based approach to assessing, prioritising and resourcing our national security policy across Defence, diplomatic, intelligence and wider national security community." And further:

"Electronic espionage in particular will be a growing vulnerability as the Australian Government and society become more dependent on integrated information technologies. Both commercial and state-based espionage, while not visible to the public eye, are inevitable. This challenge must be met with full vigour."

Peter went on to say in his address: "The latter statement recognises the strategic importance of information technology as enabling, and increasingly as the only means of, conducting government, commercial and community business. But it also recognises its inherent vulnerability and potential to be targeted by malicious parties with varying motivations and interests.  As such, e-security must form a critical component of national security policy - and this is recognised in the national security statement.

"As information security professionals, we are well versed and experienced in the application of risk-based approaches to the design, development and deployment of information and communications technology solutions enabling government, commercial and community business upholding principle #7 of the national security statement.  This has been driven by the publication of key Australian Government security standards such as the Information and Communications Technology Security Manual (ISM/ACSI 33) which has advocated a risk-based approach to information and communications technology security since the 1990's.

"For consumers, these standards identify assured products as an important tool for managing eSecurity risk and stratsec has a long history of involvement and deep expertise in this area.  So much so, that in 2007 stratsec established the stratsec lab to perform IT security evaluations under the Australasian Information Security Evaluation Program.

"As with all things that stratsec does, we took this step with a goal to be the best at what we do.  By listening to the needs of developers and consumers we undertook to change the game and deliver assurance in IT products:

• In a timely manner
• At reasonable cost
• With a strong focus on penetration testing to discover and correct exploitable vulnerabilities.

"To this end, stratsec continues to be successful in building and broadening the range of assured products available that are:

• Current and innovative in meeting the business and security needs of organisations today
• Resilient to the range of attacks posed by a wide variety of cyber threats from criminals, hackers, activists and foreign espionage organisations
• Recognised internationally through the global security benchmark of the Common Criteria."

To complement the stratsec lab and increase the depth of our penetration testing capability, earlier this year, stratsec merged with another leading IT security consulting company SIFT - establishing one of the leading Information Security and Testing companies in Australia and the South East Asian region.

The merger has enabled stratsec to focus not only on providing consumers with assurance in IT products gained through IT security evaluation, but also on helping clients gain assurance in deployed ICT solutions through our expert penetration testing services.

The event was a first in bringing industry and government representatives from the information security community together in such a tailored format.  stratsec will continue to host such events in the future further demonstrating our research and security credentials and showcasing these to the ICT / infosec market.