Client Overview:
A medium-sized Australian company operating in both defence and commercial sectors needed
to segregate its defence-related business while maintaining compliance with Defence Industry
Security Program (DISP) cyber requirements. Their existing IT infrastructure was shared across all
business units, creating security risks and compliance challenges.
The Challenge:
The company required a secure and compliant IT environment for its defence projects while
continuing operations in its commercial division. They needed to:
- Meet DISP cyber security requirements and Essential Eight Maturity Level 2 standards.
- Isolate sensitive defence data from other business functions.
- Maintain operational efficiency without disrupting commercial activities.
The Solution: DISP Cyber as a Service
Our DISP Cyber as a Service provided a tailored solution that included:
- Network Segmentation & Secure Tenancy – Established a dedicated Microsoft 365 tenancy for
the defence-focused business, ensuring strict access controls and complete segregation from
commercial operations.
- Security Compliance Framework (Essential Eight – Maturity Level 2) – Implemented a
defence-grade cyber security strategy aligned with the Essential Eight:
◦ Application Control – Prevented unauthorised software execution.
◦ Patch Management – Ensured timely updates for applications and operating systems.
◦ Microsoft Office Macro Controls – Restricted macros to trusted sources.
◦ User Application Hardening – Disabled unnecessary web features to reduce attack surfaces.
◦ Multi-Factor Authentication (MFA) – Enforced MFA for all privileged and remote access
accounts.
◦ Restricted Administrative Privileges – Implemented role-based access control (RBAC) with
least-privilege principles.
◦ Regular Backups – Enabled automated, encrypted backups to protect against data loss.
◦ Security Monitoring & Incident Response – Integrated logging, auditing, and proactive threat
detection.
- Enterprise-grade security monitoring 24/7/365, onshore using Australian citizens.
The Outcome:
- Full DISP Cyber & Essential Eight Maturity Level 2 Compliance – The defence business unit now
meets all required security controls.
- Improved Data Security – Sensitive defence data is isolated, reducing exposure risks.
- Operational Continuity – The company’s commercial operations continued without disruption,
with a seamless transition to the new structure.

By leveraging DISP Cyber as a Service, the company successfully secured its defence-related
business while maintaining flexibility, security, and compliance.