ARInnovate is a specialised consulting firm providing organisations with bespoke software development and cyber security services.


Client: Renewable Energy Company

Location: Australia and Europe

Situation: Since operating in Australia, the organisation had to comply with Australian Energy Market Operator’s (AEMO) Australian Energy Sector Cyber Security Framework (AESCSF). At the same time, considering that they are a global company, they had adopted NIST CSF as their information security control framework.

Ask: The organisation asked ARInnovate to achieve the following:

  • To conduct an assessment to identify gaps between their current IT/OT environment and AESCSF requirements.
  • Establish a common control framework that will help them comply with both NIST CSF and AESCSF requirements
    1. Remediate the gaps identified through the assessment.

Our Solution: We delivered our solution in 3 phases:

Phase 1: To identify the gaps between IT/OT environment and AESCSF requirements, we adopted a 6-step approach:

  • Conducted a threat assessment to identify threat scenarios that will impact the organisation
  • Identified controls that will defend if the threat scenarios were to materialise
  • Conducted a risk assessment to identify gaps between current control implementation and the desired control implementation.

Phase 2: Established a common control framework based on the controls identified in the previous step. The controls are mapped with AESCSF and NIST frameworks.

Phase 3: Implemented the gaps. The gaps implemented were in the following domains:

  • Security awareness training
  • Asset Management
  • Vulnerability identification and remediation
  • Security Monitoring
  • Risk Management