Contents
- Guidance and Support
- Technical Platforms
- Cyber Security
- Active Directory Password Review
- Vulnerability Assessment
- Vulnerability Management Review
- Active Directory Vulnerability Assessment
- Policy Mapping to Industry Standards
- Australian Cyber Security Centre E8 Gap Analysis
- Phishing Simulation and Assessment
- Incident Reporting Portal (IRP)
- Critical Incident Response
- Security Advisories
- Automated Indicator Sharing
- SIEM Health Monitoring
- Incident Triage Assistance
- Detection Analytics Health Monitoring
- Detection Gap Analysis
- External Attack Surface Monitoring
- Vulnerability Monitoring
- Threat Hunting
This Service Catalogue outlines current services available to WA Government agencies to assist with digital transformation and improve maturity, resiliency and data driven decisions.
Guidance and Support
Digital Capability Fund Engagement
The Digital Capability Fund (the Fund) is administered by the Office of Digital Government (DGov). DGov collaborates with the Department of Treasury (Treasury) as appropriate.
DGov provides general advice on concept developments and informal feedback on draft proposals prior to being submitted to the Fund. DGov and Treasury jointly provide feedback to agencies on successful and/or unsuccessful proposals that were assessed through the Fund.
Service Type: On Demand
Time to commission service: Feedback or advice response times are dependent on resource availability and complexity of the query or submitted draft business case documents.
Methodology:
- An agency that is developing a proposal that requests funding from the Fund, should inform themselves on the relevant policies and requirements by referring to the ‘Important Links’ below.
- You may also reach out to DGov for the following:
- General advice on concept development;
- Informal feedback on draft proposals;
- Feedback on successful and/or unsuccessful proposals that were assessed through the Fund.
- The Office of Digital Government reviews the draft business case or any information provided and organises a meeting to provide verbal feedback and/or advice.
- Where required, the Office of Digital Government may connect you with other units for further concept development assistance.
Outcome:
- The proposal submitted to the Fund is in alignment with the Fund criteria and relevant whole of government policies.
- The agency understands why they were unsuccessful and how to improve their submission for the next cycle, should they want to resubmit.
Benefit to the Agency:
The agency receives clear and tailored advice that addresses the Fund criteria and outlines any missing or incomplete information.
Important Links:
Strategic Asset Management Framework
Contact details:
Public Sector Digital Graduate Program
The Office of Digital Government (DGov) administers the Public Sector Digital Graduate Program (the Program), which consists of two components: a graduate program and a work integrated learning program. The Program will focus on in-demand ICT specialised areas, such as data science, cyber security, etc. Both components complement each other to create diverse and compelling opportunities for tertiary students and graduates that leverage agencies’ existing work streams, creating an attractive option for employment in the public sector.
Service Type: On Demand.
Time to commission service: Dependent on timing, applicants, and resources. Programs start once or twice per year.
Methodology:
- An agency that wishes to participate in the program may reach out to DGov.
- DGov will organise a meeting to understand the agency’s requirements.
- The agency will be invited to join the working group.
- The agency will be required to formally commit to participating in the program, including creating and quarantining positions for any required graduates.
- Graduates and interns will be assigned to agencies. Graduates will complete three four-month rotations; interns will complete 10-12 week placements.
Outcome:
Improved ICT skills and growth of digital capabilities across the public sector.
Benefit to the Agency:
This program provides the agency access to ICT graduates that can otherwise be difficult to attract. It also reduces the burden of managing and establishing their own internal graduate program.
Contact details:
digitalgradprogram@dpc.wa.gov.au
ICT Support Delivery
The ICT Support Delivery Team drives ICT program and project delivery across government, provides specialised technical skills and can help direct individual projects as needed. They have two primary functions:
1. Project co-delivery: Resources will be embedded in an agency’s project team for a specific period of time to deliver critical stages of the project or for the life of the project.
2. Project assurance: Resources will be able to assist or direct projects that are off track, either at the agency’s request or at the direction of the Minister for Innovation and the Digital Economy and/or the Digital Capability Fund Steering Committee.
Service Type: On Demand.
Time to commission service: Dependent on complexity, priority and resource availability.
Methodology:
1. An agency may be allocated ICT resources to an initiative that:
a. Has reported a red or amber status rating
b. Has requested assistance to address any resource or skill shortage
c. Is subject to ICT resource assistance as a condition for funding through the Fund
d. Has a particular strategic importance or risk profile
2. DGov will organise a kick-off meeting between the agencies to determine roles, responsibilities and assistance requirements.
3. Upon completion of agreed resource allocation, DGov will reassess the agency’s circumstances to determine if the time is to be extended or if the resource will return to DGov.
4. ICT resource to provide a summary report outlining:
a. Timeline of events
b. Results of engagement
c. Findings and Recommendations
d. Conclusion summary
Outcome:
1. The initiative will be reporting an improved status rating (either green or amber).
2. The agency will have received the ICT resource or skill required for the initiative.
3. The condition for funding has been met.
Benefit to the Agency:
• The Agency is provided with the resources and skills required to deliver programs and/or projects.
• The Agency has access to specialised ICT skills, which would otherwise be difficult to procure.
Contact details:
Technical Platforms
ServiceWA App
The ServiceWA App (the App) allows users to access WA Government services in one convenient location. The Office of Digital Government (DGov) is responsible for the App and the roadmap of services, and manages the onboarding of agency services into the App.
The App supports agencies to leverage the State Government’s commitment to digital transformation and provide services to the public in one central location.
Service Type: On Demand
Time to commission service: As agreed during onboarding.
Methodology:
- An agency may contact DGov to request a service be onboarded onto the App
- DGov will provide an onboarding pack which outlines the scoping process, responsibilities of both agencies and onboarding journey.
- Where it is agreed to proceed, DGov will work with the agency to understand requirements including determining the funding required.
- The onboarding process includes the following stages:
- Discovery
- Development
- Testing
- Pre-deployment
- Deployment
- Post-deployment
- On-going support (where required).
Outcome:
The Agency’s service is offered through the App, providing another channel for individuals and businesses to access government services.
Benefits to the Agency:
- The Agency has an additional avenue to deliver convenient and secure online services and information.
- The Agency is not required to complete any App development procurement activities.
- The Agency does not have to develop and manage their own App.
- The Agency can increase savings and efficiencies by reducing duplication and use of more costly channels.
- The Agency’s customer can more easily find and access services through the whole of government App than through disparate websites and/or physical locations.
Important Links:
Contact details:
WA Digital ID exchange
The WA Digital ID Exchange (WDIE) is an identity solution that will enable citizens to use a single identity to access many government services across WA agencies. There will be no need for citizens to remember multiple usernames and passwords for different online services and no need for agencies to build or maintain their own identity solutions.
Service Type: On Demand
Time to commission service: 3 months
Service Desk support: As agreed with onboarding service.
Methodology
Onboarding to the WA ID Exchange platform:
- Request use of service via an email to support@wa.gov.au
- Pre-engagement meeting to discuss agency’s requirements, and platform offerings, and providing the relevant onboarding documentation to the agency.
- Sign a Memorandum of Understanding and Product Schedule committing agencies to use the platform.
- Agencies submit the onboarding documentation.
- The Office of Digital Government configures the agency’s environment to access WDIE.
- Agencies use the configured link to either provide Digital Identity service or verify a user’s identity.
- A Service Desk is available to assist with additional queries from agencies.
Outcomes
Agencies’ digital services can utilise the WA ID Exchange to gain access to existing digital identity providers. This means the agencies no longer have to maintain their own usernames/passwords and that their customers can use the same Digital ID to log in to multiple agencies’ digital solutions.
Benefits to the Agency
- Compliance with government digital standards and collaboration on digital maturity.
- Improved efficiency and lower operating cost and risk – no need to maintain expensive agency specific identity systems.
- Faster to deliver new digital services – you can quickly connect new digital services to the existing Digital ID Ecosystem.
- Uniform customer experience across agencies.
- Reduced risk of compromise to privacy data, since the agency no longer needs to collect ID documents for identity proofing purposes.
Contact details: support@wa.gov.au
Smart Form Platform
DGov recommends Jotform, a Software as a Service (SaaS) product, as its Smart Form platform. Jotform is a sophisticated digital form platform designed for building online forms for WA.gov.au and other online applications. It offers an interactive page that emulates a paper document or form where users can fill out details using a combination of form elements such as text boxes, checkboxes, and a submit button.
The Office of Digital Government (DGov) has an Enterprise Agreement with Jotform on behalf of WA Government that can be leveraged by agencies.
Service Type: On Demand
Time to commission service: Typically available 1-2 weeks from request dependent on resource availability.
Service Desk support: Business hours
Methodology
To request access to the Smart Form platform:
- Reach out to support@wa.gov.au and request a quote.
- Sign a Memorandum of Understanding and Product Schedule committing agencies to use the Smart Form Platform.
- Once you've received a quote, respond, and approve quote in writing.
- Access is granted to the Smart Form platform.
- Jotform Service Desk is available to assist with additional queries from agencies.
Outcomes
- Allows for more sophisticated transactions online, enabling form owners to create and maintain forms conveniently without relying on technical resources.
Benefits to the Agency
- Easy to use
- Security
- Low Cost
- Reliability / Reputation
- No minimum license requirements
- Leveraging the whole-of-government existing agreement with Jotform
- Easy cross-agency collaboration
- Access to exclusive ABN lookup widget
- Single-Sign-On (SSO) with Multi-Factor Authentication (MFA) in place with no additional cost
- Data centre in Sydney shared only with WA Government agencies subscribing through DGov
- Free data collaborator account to access submission tables of each form
Contact details: support@wa.gov.au
PeopleWA (Whole of Government Data Linkage Asset)
PeopleWA is a powerful new linked data asset managed by the Data Unit in the Office of Digital Government (DGov) that drives evidence-based medical research, policy development and government service improvement. Launched in August 2023, it contains de-identified linked data about individuals’ contact with services across government – including from the Departments of Communities, Education, Health, Justice (including the Registry of Births, Deaths and Marriages) and the Western Australia Police Force – to create richer, more comprehensive datasets.
The Department of Health (Health) undertakes data linkage for PeopleWA in a safe, privacy-preserving environment. DGov hosts linked data from participating agencies, coordinates applications for access to PeopleWA and provides access to data via a secure e-research platform.
Service Type: By application
Time to commission service: Dependent on the scope and complexity of applications
Methodology:
- Agencies provide demographic data (identifiable data about individuals) to Health and content data (non-identifiable service data about individuals’ interactions with government) to DGov. This is called the ‘separation principle’ and ensures that no party has access to both personal identifying information and content data, to protect individual privacy.
- Health de-identifies the demographic data and generates encrypted linkage keys, which are provided to DGov.
- DGov integrates de-identified PeopleWA data utilising the encrypted linkage keys and agency content data.
- Entities (government agencies, not-for-profit organisations and researchers) seeking access to linked data in PeopleWA can apply to DGov, via an online application system to be launched in August.
- DGov will:
- Receive, review and assess all applications for access to linked data via PeopleWA;
- Work with applicants to refine applications, if required;
- Coordinate the review of applications by all relevant data custodians; and
- Provide access to de-identified data in a highly secure e-research environment. Data cannot be removed from this environment.
- Agencies that want to provide data to PeopleWA can fill in an ‘additional datasets form’ by contacting the PeopleWA team at peoplewa@dpc.wa.gov.au.
Outcome:
WA Government agencies, researchers and not-for-profit organisations can securely utilise rich, linked government data to inform and evaluate policy and investment decisions, and service delivery.
Benefit to the Agency:
PeopleWA data will support government and its stakeholders to tackle the most complex social, health, environmental and economic issues facing Western Australia in a more targeted and strategic way. Government agencies can utilise linked data to evaluate whether policies and programs are working, measure the effectiveness of preventative and early intervention strategies and better target investment.
Important Links:
Contact details: peoplewa@dpc.wa.gov.au
WA.gov.au Content Management System (CMS) Platform
WA.gov.au is WA Government’s central access point to whole-of-government citizen-focused digital services, bringing together WA Government information from various agencies into a single location, allowing citizens to easily find and access services.
WA.gov.au has been designed to meet universal accessibility standards, ensuring that everyone who needs the service can use it. The goal is to improve access to digital services for all Western Australians, including those with disabilities, living in remote areas, people with diverse cultural backgrounds and people using different devices such as smartphones.
Service Type: On Demand
Time to commission service: Typically, available 1-2 weeks from request dependent on resource availability
Service Desk support: Business hours
Methodology
Onboarding to the WA.gov.au CMS platform:
- Request use of service via an email to support@wa.gov.au
- Pre-engagement meeting to discuss offerings of the CMS platform and identify any additional requirements
- Register for WA.gov.au CMS Training
- Sign a Memorandum of Understanding and Product Schedule committing agencies to use the platform.
- Agencies must ensure that their content complies with the Digital Service Policy Framework.
- Agency can commence transitioning relevant content to the CMS platform and publish at any time.
- A Service Desk is available to assist with additional queries from agencies, as well as granting users access.
Outcomes
- Consistent user experience
- Mobile responsive design
- Focus on accessibility and inclusivity
- Easier for consumers to find information and transact with Government based on a ‘one Government’ approach to service delivery and allows for better integration across government.
Benefits to the Agency
- Reduced ICT costs – savings generated by moving onto the WA.gov.au platform can be reinvested at the discretion of the agency.
- Reduced operational risks to the agency.
- Compliance with government digital standards and collaboration on digital maturity.
Important links: WA.gov.au - Bringing the WA Government to you
Contact details: support@wa.gov.au
Have your Say
The ‘Have Your Say’ feature on WA.gov.au provides a central place for the public to find WA Government consultations that are happening across the state and offers opportunities for the public to share ideas and opinions on projects, services and government policy.
Service Type: On Demand
Time to commission service: 1-3 months
Cost of service: Varied depending on complexity.
Service Desk support: Business hours
Methodology
Onboarding to the Have Your Say platform:
- Request use of service via an email to support@wa.gov.au
- Pre-engagement meeting to discuss agency’s requirements, and platform offerings.
- Sign a Memorandum of Understanding and Product Schedule committing agencies to use the platform.
- Attend training.
- A Service Desk is available to assist with additional queries from agencies.
Outcomes
- Provide a central display for the citizen to view all current and past WA Government consultations.
Benefits to the Agency
- Consultations receive higher citizen exposure
Benefits to the users
- Simpler to discover consultations that are relevant to them
Contact details: support@wa.gov.au
Web platform hosting-only service
The Office of Digital Government (DGov) offers an Amazon S3 (Simple Storage Service) Static Hosting solution for agencies requiring campaign or promotional websites, or agencies requiring a level of separation from Government, such as independent entities and statutory authorities.
Amazon S3 is a cloud-based storage service offered by Amazon Web Services (AWS). It provides a highly scalable and reliable platform for storing and retrieving any type of data.
S3 can be used to host static websites as well, meaning that you can use it to store and serve web content such as HTML, CSS, JavaScript, and images.
Overall, S3 hosting is a reliable, scalable, and cost-effective solution for hosting static websites and storing any type of data in the cloud.
Service Type: On Demand
Time to commission service: Typically, available 1-2 weeks from request dependent on resource availability
Service Desk support: Business hours
Methodology
To request S3 hosting:
- Request use of service via an email to support@wa.gov.au
- Pre-engagement meeting to discuss agency’s requirements.
- Sign a Memorandum of Understanding and Product Schedule committing agencies to use the web platform hosting-only service.
- Provide a domain name which you can use to view the hosting.
- Attend training on how to upload content to the S3 hosting.
- Agencies have the freedom to publish content on the S3 hosting whenever they want.
- A Service Desk is available to assist with additional queries from agencies.
Outcomes
- A highly scalable, available, cost-effective, and secure web hosting service for agencies.
Benefits to the Agency
- Reduced ICT costs – savings generated by using the web platform hosting-only service can be reinvested at the discretion of the agency.
- Reduced operational risks to the agency.
- Augment agency capability where it doesn’t otherwise exist.
Important Link: Amazon Web Services CUAAWS2020
Contact details: support@wa.gov.au
WA Domain Name Administration
The Office of Digital Government (DGov) is the Domain Provider for the Western Australian (WA) Government, and has the delegated authority to assess individual domain name applications for the WA Government.
The WA Government domain (.wa.gov.au) is reserved for use by entities within the WA Government.
DGov as the WA Domain Name Administrator (WA DNA) has responsibility for the following:
- Delegated authority for the wa.gov.au domain name registration and renewal.
- WA representative to the Federal Government Department of Finance’s Government Domain Name Administration Team for all matters relating to Australian Government domain governance.
Service Type: On Demand
Time to commission service: Typically, available 1-2 weeks from request dependent on resource availability
Service Desk support: Business hours
Methodology
Two channels to seek assistance from WA Domain Name Administration Team:
- Complete the on domainname.gov.au website; or
- Email your request to dna@wa.gov.au
Outcomes
- Compliance to WA Domain Name Standard, , and .
- Enforce the use of wa.gov.au in the Western Australian public sector.
- Reduce proliferation of domain names.
- More streamlined flow and coordinated approach in the governance and management of wa.gov.au domain.
Benefits to the Agency
- Support in obtaining and maintaining wa.gov.au domains for their websites, apps, and digital services.
- Conduit for receiving information and updates from the Federal Government’s Department of Finance’s Government Domain Name Administration Team in relation to the wa.gov.au domain and other relevant matters (such as corresponding .au domain name).
- Free service for agencies through centralised government funding.
Contact details: dna@wa.gov.au
GovNext Management Service
The Office of Digital Government (DGov) manages the GovNext Common Use Arrangement (CUA). This includes providing support and advisory services to agencies and managing the contractors.
GovNext has achieved its objective of moving State Government Agencies from purchasing ICT infrastructure to an ICT services consumption model. The GovNext contract term will expire in April 2024 and the Department of Finance is currently developing replacement buying arrangements.
Service Type: On Demand
Time to commission service: Typically, within 1 to 3 days.
Methodology:
- An agency may contact DGov for assistance with:
- Buying services under the CUA
- Completing order forms
- Contractual questions and issues
- Order changes and extension of orders
- Exemptions and Policy Approvals
- Transition and decommissioning queries (to be moved to Department of Finance by midyear 2024).
- DGov will create a new case in the Case Relationship Management (CRM) for the agency’s query.
- DGov will contact the agency either by email or phone. If required, a meeting may be organised to discuss the query in further detail.
Outcome:
The agency's query has been actioned and resolved.
Benefit to the Agency:
The Agency is informed on how to buy services through the CUA and how to use the order forms. There is also a reduced burden for the agency as the contractors and their contractual obligations, including insurance requirements, are managed by the Team.
Important Links
GovNext ICT Products and Services Assist Cloud Transition
Contact details: Govnext-dpc@dpc.wa.gov.au
Cyber Security
Active Directory Password Review
An Active Directory (AD) password review involves retrieving stored password hashes and using tools which attempt to recover the plaintext passwords. This procedure identifies weak passwords which may be exploited in a malicious attack, which may lead to the confidentiality, integrity and availability of the network being compromised.
Service Type: On Demand
Time to commission service: Typically, available 4-6 weeks from request dependent on resource availability
Methodology
The AD Password Review methodology includes:
- Pre-engagement meeting to define the scope of activities and obtain permission to perform the password review
- Extract the required files from the agency AD
- Anonymise the account data and remove any personally identifiable attributes including usernames and Security Identifiers (SIDs)
- Crack the passwords by comparing them with a list of known password hashes and rulesets
- Provide a report identifying vulnerabilities and provide mitigation strategies
- Meet to discuss the mitigation strategies and further work
Outcome
The final report will include the following:
- Summary of results
- Detailed findings and recommendations
- Analysis of user behaviour based on historic passwords cracked
- Source and analysis files
Where necessary, additional information will be provided.
Benefits to the Agency
Password review seeks to provide the agency with the following benefits:
- Identify any weaknesses in the agency’s current password policy
- Identify commonly used and easily guessed passwords
- Provide actionable suggestions to the agency
- Encourage stronger authentication policy and practices
Contact details: cybersecurity@dpc.wa.gov.au
Vulnerability Assessment
A vulnerability assessment (VA) identifies potential vulnerabilities within the scope of assessment. Identified vulnerabilities can potentially be exploited through a malicious attack, leading to degraded performance or a data breach. Detected vulnerabilities may be caused by poor configuration or a lack of regular software maintenance (patching).
Service Type: On Demand
Time to commission service: Typically, available 4-6 weeks from request dependent on resource availability
Methodology
The VA methodology includes:
- Pre-engagement meeting to discuss the scope, pre-requisites, and suitability of the project
- Run the vulnerability scanner application including YARA rules for malicious file detection
- Review findings and report results
- Exit meeting
Outcomes
The outcomes of a vulnerability assessment include:
- Summary of results
- Assessment scope
- Assessment objectives and methodology
- Findings and recommendations
Benefits to the Agency
A VA seeks to provide the agency with the following benefits:
- Prevent data loss by identifying and addressing vulnerabilities
- Inventory and audit devices to allow upgrades to be prioritised and identify assets needing further assessments
- Provide tangible vulnerability and control effectiveness data allowing for a more informed approach to risk management
- Identify areas of non-compliance with the Australian Cyber Security Centre (ACSC) Essential 8
- Identification of externally accessible devices and networks
- Identification of exposed confidential information
- Identification of login pages without multi-factor authentication
Contact details: cybersecurity@dpc.wa.gov.au
Vulnerability Management Review
The primary objective of implementing a vulnerability management process is to detect and remediate vulnerabilities in a timely manner. The purpose of this review is to improve the efficiency and effectiveness of the existing vulnerability management policy and processes.
Service Type: On Demand
Time to commission service: Typically, available 4-6 weeks from request dependent on resource availability
Methodology
The vulnerability management review methodology includes:
- Pre-engagement meeting to discuss the scope (including critical infrastructure) and pre-requisites and suitability of the project
- Interviews with security personnel in charge of vulnerability management
- Review of existing vulnerability scans
- Support agencies in configuring the vulnerability scanner application to run YARA rules for malicious file detection
- Review findings and report results
- Exit meeting
Outcome
The outcomes of a vulnerability management review include:
- Summary of results from interviews
- Summary of results from existing vulnerability scans
- List of externally exposed infrastructure and potentially sensitive data
- Findings and recommendations for vulnerability management practices
Benefits to the Agency
A vulnerability management review seeks to provide the agency with the following benefits:
- Defining or adjusting a well-defined process in place
- Assist in providing an agency with a continuous view of the risk associated with the presence of vulnerabilities existing
- Identify critical infrastructure to be scanned regularly
- Inventory and audit devices to allow upgrades to be prioritised and identify assets needing further assessments
- Identify areas of non-compliance with the Australian Cyber Security Centre (ACSC) Essential 8
Contact details: cybersecurity@dpc.wa.gov.au
Active Directory Vulnerability Assessment
Active Directory (AD) plays an essential role in authenticating, managing, and granting permissions to users and devices on a network through a hierarchical structure. AD is the primary user directory and authentication provider in most Windows networks. If an attacker is able to gain access to the AD, they may be able to access sensitive information systems and information.
The AD VA will assess existing AD configuration to highlight insecure management practices and policy settings. Common issues include but are not limited to:
- Inappropriate management of accounts, privileged accounts, and security groups
- Inadequate policy restrictions
- Inappropriate infrastructure management
- Active legacy settings
- Improper configuration of settings and services
Service Type: On Demand
Time to commission service: Typically available 4-6 weeks from request dependent on resource availability
Methodology
The Active Directory VA methodology includes:
- Engagement meeting to discuss the scope and pre-requisites and suitability of the project
- Schedule an appropriate time to gather information to identify weaknesses and misconfigurations
- Submit a report identifying vulnerabilities and provide mitigation strategies
- Exit meeting to discuss the findings and mitigation strategies
Outcome
The outcomes of an Active Directory VA include:
- Summary of results
- Detailed findings, analysis, and recommendations
Benefits to the Agency
Performing AD VA seeks to provide the agency with the following benefits:
- Identify weaknesses in user management policy and processes
- Identify conflicting policies leading to unexpected security settings
- Identify legacy settings which may leave the AD vulnerable
- Provide an overview of the AD structure and current state
Contact details: cybersecurity@dpc.wa.gov.au
Policy Mapping to Industry Standards
Policies are a vital part of an organisation as they provide guidelines to ensure that all information technology users adhere to the rules that apply within the organisation. Policy Mapping to industry standards will help align the agency’s policy to industry good practice and identify gaps between the agency’s current policies and the standards set by recognised organisations. It can also assist in identifying controls for inclusion in the Information Security Management System (ISMS).
The mapping process uses controls that are mentioned in several industry certifications/standards published by recognised organisations such as:
- International Standards Organisation (ISO27001)
- National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
- Australian Signals Directorate’s Essential 8 (ASD E8)
Service Type: On Demand
Time to commission service: Typically, available 4-6 weeks from request dependent on resource availability
Methodology
The policy mapping methodology includes:
- Pre-engagement meeting to discuss the scope, pre-requisites, and suitability of the project
- An evaluation of the agency’s current policies
- Identify suitable controls from multiple certifications / standards published by recognised organisations
- Mapping of appropriate controls into the agency’s policy
- Exit meeting to discuss the findings and mitigation strategies
Outcomes
The outcomes of policy mapping include:
- Summary of Results
- Assessment Scope and Methodology
- Assessment Objective and Findings
Benefits to the Agency
Policy mapping seeks to provide the agency with the following benefits:
- Align an agency’s policy to industry good practice
- Identify gaps within the agency’s policy
- Identify controls for inclusion in an ISMS
Contact details: cybersecurity@dpc.wa.gov.au
Australian Cyber Security Centre E8 Gap Analysis
The ACSC Essential Eight are technical security controls designed to quickly bolster agency networks against modern cyber threats. Agencies are required to report to DGov on their implementation of the eight controls.
Service Target: On Demand
Time to commission service: Typically available 4-6 weeks from request dependent on resource availability
Methodology
The gap analysis methodology includes:
- An assessment of the design of an agency’s current controls
- Identify gaps between the current state and the Essential Eight maturity levels
- Evaluate the effectiveness of current controls
- Outline controls that need to be in place to protect the agency’s infrastructure
- Exit meeting to discuss the findings and mitigation strategies
Outcomes
The outcomes of an Essential Eight gap analysis include:
- Summary of results
- Assessment scope and methodology
- Assessment objective and findings
- Recommendations
Benefits to the Agency
An Essential Eight gap analysis seeks to provide the agency with the following benefits:
- Clarity of the current state of controls
- Identified areas of improvement to address risk
- Guidance for Essential Eight mandatory reporting
Contact details: cybersecurity@dpc.wa.gov.au
Phishing Simulation and Assessment
The last line of defence for an agency against an intrusion is the end user. It is important to train the user to detect and respond appropriately to various threats that they may face. DGov provides agencies with access to training and awareness content and testing methodologies to ensure continual improvement of the staff’s awareness.
Service Type: On Demand
Time to commission service: Typically available 4-6 weeks from request
Methodology
The methodology includes:
- Pre-engagement meeting to discuss the scope, pre-requisites, and suitability of the project
- Test the phishing simulation to check the various technical controls in place which may block the simulation
- Run the phishing simulation
- Provide a report on the overall performance and provide training content
- Support agencies in setting up their own infrastructure for future testing
- Exit meeting
Outcome
The outcomes of a phishing simulation include:
- Summary of results
- Training advice to address any issues identified in the simulation
- Potential capability to run phishing simulations in the future
- Findings and recommendations
Benefits to the Agency
A user awareness exercise seeks to provide the agency with the following benefits:
- Prevent data loss by assisting users in detecting potential social engineering attacks
- Provide the IT staff with tangible information to understand the risk of social engineering attacks in their environment
- Provide a methodology for continuous monitoring and improvement
Contact details: cybersecurity@dpc.wa.gov.au
Incident Reporting Portal (IRP)
The cyber security incident reporting portal provides a secured login for the community to report cyber incidents and enable coordination of incident response activities.
Service Type: Ongoing
Time to commission service: On request
Service Target: See Critical Incident Response.
Agency Responsibilities: Report all known or suspected incidents within 24 hours. Review any WA SOC advisories and assess whether there is an impact to the Agency's systems and data in their custody.
Cyber Security Policy Areas: 4. Detect, 5. Respond
Methodology
Cyber incidents are classified and coordinated by the WA SOC under the and aligned to practices. Incidents may be reported automatically (see Incident Triage Assistance) or manually. Agencies should refer to the in the absence of an internal cyber incident management process.
Contact details: cybersecurity@dpc.wa.gov.au
Critical Incident Response
Cyber Security Incidents are managed under the . Agencies should ensure their cyber security incident response processes include appropriate detection, containment, and eradication procedures. The WA SOC recommends following the in the absence of well tested, up to date agency specific playbooks.
Service Type: Ongoing
Time to commission service: On request
Service Target: Calls to 1800 922 923 (1800 WA CYBER) regarding Significant Cyber Incidents or Cyber Crises are responded to within 1 hour.
Agency Responsibilities: Ensure agency staff involved in cyber incident response are aware of the . Call the WA SOC and escalate relevant incidents within 24 hours of detection.
Cyber Security Policy Areas: 5. Respond
Methodology
The WA SOC will trigger critical incident response coordination activities using information recorded in the IRP, including WA Police and ACSC liaison where relevant. WA SOC resources will be allocated to response activities until risks reach an acceptable level.
Contact details: cybersecurity@dpc.wa.gov.au
Security Advisories
Publish timely security advisories using third party and internally-generated data sources and threat information. Note: Management of agency specific industry, legal, or regulatory sources is the responsibility of each agency.
Service Type: Ongoing
Time to commission service: On request
Service Target: Advisories for (7.0 - 10.0) known exploited vulnerabilities distributed within 24 hours. Other advisories are reviewed for quality and accuracy and distributed within 1 week.
Agency Responsibilities: Provide email distribution list for delivery of advisories.
WAGov Cyber Security Policy Areas: 2. Identify
Methodology
The WA SOC reviews cyber security advisories from Australian state and federal jurisdictions, ACSC, CISA, NCSC, private industry and internally generated intelligence derived from the WA SOC’s threat hunting and incident monitoring activities. Agencies should refer to the in the absence of an internal vulnerability management process.
Contact details: cybersecurity@dpc.wa.gov.au
Automated Indicator Sharing
Automated Indicator Sharing (AIS) enables the exchange of cyber threat indicators across the community at machine speed. Threat indicators are pieces of information like malicious IP addresses or the sender’s address of a phishing email. The goal is to ensure as soon as a stakeholder observes an attempted compromise, the cyber threat indicator of compromise (IOC) will be shared in real time with all partners, protecting everyone from that particular threat.
Service Type: Available on request
Time to commission service: On request
Service Target: TLP:WHITE or TLP:GREEN Cyber Threat Intelligence (CTI) collected during incident response is reviewed and published via WA SOC threat feeds within 4 hours.
Agency Responsibilities: Ensure requests for investigative activities during incident response are actioned in a timely manner, especially in situations where information may not be directly available to the WA SOC.
WAGov Cyber Security Policy Areas: 3. Protect, 4. Detect
Methodology
The WA SOC redistributes ACSC and select commercial CTI, as well as curates and distributes CTI specific to incidents it is coordinating. All incident derived CTI has its TLP level defined based on the source and is anonymised unless an agency requests to share its identity. CTI collected during incident response is collected in the WA SOC threat intelligence platform and made available via . CTI may also be distributed via Security Advisories where broad community action is deemed appropriate due to the limited community consumption of automatically shared indicators.
Contact details: cybersecurity@dpc.wa.gov.au
SIEM Health Monitoring
Assessment of event ingestion and retention suitability across a given operational security environment. Actionable guidance to improve the organization’s security environment, including specific recommendations, security best practices, and recommended tactical measures.
Service Type: Enabled once connectivity validated. Requires signing of MOU with Cyber Security Unit and onboarding to WASOC.
Time to commission service: N/A
Service Target: Security environment health overview focused on event data visibility and retention is included in monthly reporting.
Agency Responsibilities: Ensure the WA SOC is aware of the security environments in use, and has appropriate role based access for automation accounts to query secured API endpoints for security event statistics.
WAGov Cyber Security Policy Areas: 3. Protect, 4. Detect
Methodology
The WA SOC queries event data daily using the and where role based access has been delegated to WA SOC automation accounts. Aggregated statistics are persisted and used to generate monthly insights based on current best practices regarding event data collection and retention.
Contact details: cybersecurity@dpc.wa.gov.au
Incident Triage Assistance
Cyber Security Incidents are managed under the . The WA SOC provides ongoing liaison and support to agencies during the initial stages of triage from a potential detection, and where appropriate provides Critical Incident Response support for Significant Cyber Incidents and Cyber Crises. The assistance during triage is designed to ensure that agencies are able to rapidly classify and confirm the severity of incidents from all sources of detection.
Service Type: Enabled once connectivity validated. Requires signing of MOU with Cyber Security Unit and onboarding to WASOC
Time to commission service: N/A
Service Target: WA SOC verifies agency incident triage for unresolved Medium and High severity incidents recorded in the IRP within 4 business hours (8am to 5pm excluding weekends and public holidays).
Agency Responsibilities: Ensure the WA SOC is aware of incident and problem management processes to interface with, and has appropriate role based access for automation accounts to query secured API endpoints for incident information.
WAGov Cyber Security Policy Areas: 4. Detect
Methodology
The WA SOC establishes integration services between agency Microsoft Sentinel environments and the Incident Reporting Portal (IRP). A queue of unresolved Medium and High severity incidents is analysed and understood. Incidents are then classified to determine appropriate further actions, and a priority status is assigned. Incidents are classified as True Positive, Benign Positive, or False Positive, and communicated back to the agency's existing incident and/or problem management processes.
Contact details: cybersecurity@dpc.wa.gov.au
Detection Analytics Health Monitoring
Reduce false positives, improve detections using formal CI processes and improve quality up the pyramid of pain. Monitor Automated Indicator Sharing and ensure high value indicators and tactics have appropriate detection analytics rules implemented.
Service Type: Enabled once connectivity validated. Requires signing of MOU with Cyber Security Unit and onboarding to WASOC
Time to commission service: N/A
Service Target: Security analytics health overview focused on detection analytics coverage and effectiveness is included in monthly reporting.
Agency Responsibilities: Ensure the WA SOC is aware of the security environments in use, and has appropriate role based access for automation accounts to query secured API endpoints for security events, detection rules and security incidents.
WAGov Cyber Security Policy Areas: 4. Detect
Methodology
The WA SOC queries information sources daily using the and where role based access has been delegated to WA SOC automation accounts. Aggregated statistics are persisted and used to generate monthly insights based on coverage of and detection effectiveness based on signal to noise ratios of analytics rules. Actionable guidance to address significant opportunities and risks is included in monthly reporting.
Contact details: cybersecurity@dpc.wa.gov.au
Detection Gap Analysis
Work with agency resources in a joint exercise to conduct advanced tests of incident detection tools and responses using adversarial techniques.
Service Type: Available on request
Time to commission service: Typically available 4-6 weeks from request, dependent on resource availability
Agency Responsibilities: Work in collaboration with the CSU Capability and WA SOC teams to monitor testing activity and report events.
WAGov Cyber Security Policy Areas: 4. Detect, 5. Respond
Methodology
DGov CSU will identify appropriate targets with the agency, and review them for detection capabilities prior to, during and after adversarial actions. Testing activities are undertaken in alignment with the framework and provided as open information to the defensive team, to ensure that gaps in detection are reviewed and remediated throughout the engagement. This is an effective way to provide assurance and improve defensive capabilities against threat actors.
Contact details: cybersecurity@dpc.wa.gov.au
External Attack Surface Monitoring
Discovery of external facing assets (domains, IP addresses, certificates) including unauthenticated vulnerability scanning. Scan reports are included in the monthly vulnerability reporting from the WA SOC.
Service Type: Enabled once connectivity validated. Requires signing of MOU with Cyber Security Unit and onboarding to WASOC
Time to commission service: N/A
Service Target: External attack surface overview and trends are included in monthly reporting. Critical Incident Response triggered within 24 hours when high severity known exploited vulnerabilities are detected.
Agency Responsibilities: Ensure the WA SOC is aware of any changes to domain or IP address space ownership.
WAGov Cyber Security Policy Areas: 3. Protect
Methodology
The WA SOC runs regular unauthenticated asset fingerprinting and discovery scans over each agency’s external facing assets. This data is persisted and queried by Threat Hunting whole of sector scans to enable timely incident response. On request, a comprehensive assessment with recommended actions to minimise an agency's exposure can be undertaken; see the Vulnerability Assessment service for more details.
Contact details: cybersecurity@dpc.wa.gov.au
Vulnerability Monitoring
Monitoring of vulnerabilities picked up by operating system agents and continuous integration pipelines. High severity known exploited vulnerabilities feed into critical incident response, and an overview of changes and overall posture is included in monthly reporting. Note that targeted reviews and prioritisation of remediation activities are part of the Vulnerability Assessment service.
Service Type: Enabled once connectivity validated. Requires signing of MOU with Cyber Security Unit and onboarding to WASOC
Time to commission service: N/A
Service Target: Vulnerability overview and trends are included in monthly reporting. Critical Incident Response triggered within 24 hours when high severity known exploited vulnerabilities are detected.
Agency Responsibilities: Ensure the WA SOC is aware of the vulnerability data being collected, and has appropriate role based access for automation accounts to query secured API endpoints for vulnerability information.
WAGov Cyber Security Policy Areas: 3. Protect
Methodology
The WA SOC queries vulnerability data daily using the and where role based access has been delegated to WA SOC automation accounts. Aggregated statistics are persisted and used to generate monthly insights based on current vulnerabilities and overall trend compared to the previous month. High severity known exploited vulnerabilities detection analytics are developed and included in Threat Hunting whole of sector scans to enable timely incident response.
Contact details: cybersecurity@dpc.wa.gov.au
Threat Hunting
Provide scenario based threat hunting of security information to determine if an incident has occurred before detection. Results feed into the WA SOC’s incident response process. Includes forensic examination of digital artifacts to detect malicious activity and develop further indicators.
Service Type: Available on request
Time to commission service: Typically available 4-6 weeks from request dependent on resource availability
Agency Responsibilities: Provide security information on request to threat hunt team throughout an engagement.
WAGov Cyber Security Policy Areas: 2. Identify, 4. Detect
Methodology
The WA SOC undertakes lightweight ongoing threat monitoring as part of its Automated Indicator Sharing and Security Advisories services, and extends this into in-depth targeted engagements to utilise common defender advantages over attackers. Preparation, modification of overall security controls and targeted detection/expulsion are the primary goals of targeted hunt activities, and these feed into agency incident response and Critical Incident Response where appropriate.
Contact details: cybersecurity@dpc.wa.gov.au