Penetration Testing for Government: Cyber Security Solution

My name is Riaan Bronkhorst. I'm a Partner leading the Security and Privacy practice for RSM in Perth with 25 years of experience in the industry.

Government regulatory requirements require penetration testing for compliance purposes and to manage their risk and exposure to vulnerabilities.

We've noted that a lot of government agencies do not comply with these requirements, and penetration testing can help them to mature their posture relating to cybersecurity risks.

I have been asked previously, “Should my I.T. service provider perform penetration testing?”

I would highly recommend against this due to the fact that the I.T. service provider would not be objective, there would be conflicts of interest and they may not have relevant skills and experience.

With RSM we've got the relevant skills, and experience, we've got the tools, we've got the techniques, and we've got experience across various industries like for government to perform penetration testing, using relevant up-to-date technology.

There’s a perception that penetration testing is too costly to perform.

However, I would challenge that perception due to the fact that we normally work with our clients through their penetration testing program, and we perform that on a cyclical basis based on the biggest risk areas within their organisation, and we rotate that throughout a period either throughout a year, two years or three years over a cycle and then we basically focus on the key risk areas to help them to mitigate their cyber security risks.

What should a government organisation focus on first while considering penetration testing?

Well, you need to look at your risk profile. You need to understand your environment and you need to focus on the key risk areas within your environment to perform penetration testing on a targeted basis.