Topic: Building cyber resilience enhances trust among parents, students and staff at a private Queensland school.
Executive Summary
This case study details the services White Rook Cyber provided to Sheldon College, designed to help them understand where their potential security vulnerabilities may reside. By leveraging robust offensive security methods and techniques, the engagement identified vulnerabilities within their environment and recommended mitigation steps to improve their cyber security. The consultant’s comprehensive approach, encompassing a variety of attack methods, culminated in a report to serve as a building block for Sheldon College’s cyber security roadmap.
Circumstance
Sheldon College engages in regular testing and assessments of its environments to ensure that all systems are adequately protected from intrusion, misuse, and fraud. This includes offensive security testing, such as penetration testing, to identify potential exploitable vulnerabilities. The findings of these engagements are included in the ongoing remediation activities and associated security maturity uplift plans.
Action
White Rook Cyber conducted comprehensive penetration testing services, including:
1. Internal Penetration Testing: Conducted extensive onsite internal penetration testing of the Sheldon College Environment. This testing assesses the security of the on-premise infrastructure, including Microsoft Active Directory.
2. External Penetration Testing: Performed a comprehensive external penetration test of the Sheldon College environment to determine cyber security risks, focusing on uncovering external ingress routes attackers may exploit.
3. Wi-Fi Penetration Testing: Assessed the Wi-Fi environments for security vulnerabilities that would allow an attacker to gain access to the internal college environment.
4. Report and Debrief: The findings and recommendations were compiled into a detailed report, supplemented by risk ratings and mitigation actions for the Sheldon College IT team.
Result
White Rook Cyber’s engagement culminated in a pivotal report detailing and debriefing session. This provided Sheldon College with a critical view of its current cyber security posture and recommended mitigation actions, helping the college to prioritise and target its activities most effectively.
Details on the recommendations provided to the college cannot be revealed as it may expose the nature of the findings. However, each recommendation included detailed steps for remediation along with support documentation for the software provider to support the remediation, allowing for rapid remediation of any critical and high-risk findings.
Ethical Behaviour
White Rook Cyber commitment to integrity underpinned the trust and transparency of the penetration test. Penetration testing, by its very nature, requires a high degree of trust between both the client and supplier. To ensure the highest standards of ethical behaviour, White Rook Cyber’s offensive security consultants abide by industry best practices for during all engagements, ensuring accountability and transparency.
Sustainability
White Rook Cyber is committed to achieving excellence in our environmental and social performance while delivering our suite of cyber security services. We recognise the importance of incorporating Environmental, Social, and Governance (ESG) practices into our business operations to optimise reuse and recycling efforts and be responsible corporate citizens. White Rook Cyber has an environmental best practice policy that outlines our commitment to sustainable practices and our approach to minimising our environmental footprint. The team adhered to our environmental best practice policy throughout the course of the engagement.
Conclusion
The partnership between White Rook Cyber and Sheldon College exemplifies the importance of proactive cyber security measures in safeguarding sensitive information and organisational integrity. Through rigorous internal, external, and Wi-Fi penetration testing, White Rook Cyber successfully identified potential vulnerabilities within Sheldon College’s infrastructure, empowering them to make actionable recommendations for mitigation, thereby enabling Sheldon College to prioritise and implement targeted strategies effectively. Importantly, the commitment to ethical behaviour throughout the engagement underscores the trust and transparency essential for successful cyber security collaborations. Moving forward, the insights gleaned from this engagement will serve as a cornerstone for Sheldon College’s ongoing efforts to fortify its defences against emerging cyber threats, ensuring a resilient and secure digital environment for all stakeholders involved.
