
Digital Assurance

In this topic, you’ll learn how to engage the Digital Protection Group’s Digital Assurance team for project and business-as-usual security testing of our services.

I’ve been working on a project to introduce some new functionality into my service and wanted to check what the process was for engaging DPG for security testing.

Yep, sure! Happy to explain a little bit how it all works. The Digital Assurance team aims to ensure that all our projects ‘Go live’ securely, as well as periodically testing some of our Business-as-Usual (BAU) services, both applications and infrastructure.

Oh, right. How do I know if my service needs a security assessment?

There are a number of factors that can determine whether a security assessment is required, such as cyber-criticality and what type of information a service holds. These are explained in the Security in Application Development Standard, but the Digital Assurance team can help you understand these requirements too when you engage them.

Sure – what’s the best way to engage their services?

The best way to do this is submitting an inquiry through RequestIT.

Right – and when’s the right time to engage them?

It’s never too early – the more lead time, the better, to help with the team’s planning and scheduling. Once your RequestIT ticket has been received, a member of the penetration testing engagements team will reach out and begin the triage process. During this phase, they will collect information from you to assist with the scoping of your test as well as tentatively schedule testing dates.

Thanks Jamie, this is really helpful information. I will start progressing this straight away to ensure that we stay on schedule!

Doug and Jamie

Doug has settled into his Service Owner role at CBA and is pleased that a project to introduce some new functionality into his service is progressing well.

He has been adhering to the Security in Application Development Standard to ensure that security has been considered and implemented right from the start of his project. Doug has also adopted secure coding practices during his project, and onboarded the application to code review tools that can check for security issues.

Doug is aware that his service will need to undergo security testing before this functionality can be pushed into production. So, he reaches out to Jamie to ask how CBA manages Digital Assurance and how he can ensure this process runs as smoothly as possible.