Risk Management

Lockstep provides advice on information risk management, including technology selection, long-term strategy, and formal Threat & Risk Assessments (TRAs).

Lockstep’s TRA clients include:

  • National Authentication Service for Health (NASH): we delivered the Commonwealth Gatekeeper-standard TRA for this complex, country-scale identity management system
  • National eHealth Transition Authority (NEHTA): we developed a risk register for the application of electronic signatures across multiple e-health settings
  • Australia Post: we performed comprehensive AS 4360-based TRAs on a number of multi-million-dollar enterprise software implementations
  • NSW Government: we used our AS 4360 risk management expertise to develop a series of innovative new Return-on-Security-Investment modelling tools, promulgated as Guidelines for state government agency managers.

Lockstep’s Security ROI model and tool were subsequently adopted by the US Department of Defence; see ROI.

Stephen Wilson Security Profile 2012