Risk
To manage risks, you must understand them. We help you identify the unique cyber threats and risks your organisation faces, and help you manage them. Scroll down to learn how.
POPULAR SERVICES
Policies and Procedures
"We need to document
our procedures and controls"
Proper documentation is essential in supporting any organisation's consistency of processes, continued improvement of operations and ability to recover from a disaster.
Our people are experienced in developing bespoke, fit-for-purpose policies, standards and procedures aligned with your governance framework and business context. It's our job to build gold-standard, fit-for-purpose documentation to suit your business, so you can focus on what matters most.
"We need to understand our
key risks"
Whether strategic, enterprise or asset-specific, we understand the complexity of translating cyber security risk into business language.
Our people are experienced in conducting risk assessments and developing bespoke solutions to complex problems. We understand the threat environment and tailor risk assessments to suit your business context, threat profile and individual control environment.
Risk Assessment
ISO 27001 Compliance
"We need to be ISO 27001 compliant"
For most organisations, compliance isn't a one-size-fits all activity. ISO 27001 enables organisations to manage their compliance with a risk-based approach.
Our people are qualified and experienced in helping organisations become ISO 27001 compliant, or aligned. We're certified to conduct ISO 27001 compliance assessments and audits. If ISO 27001 isn't your cup of tea, we also have experience in conducting compliance assessments against a range of information security best practice frameworks and standards.
RISK SERVICES
Governance
We help your organisation plan for and improve your Cyber Security Program. Designed for and tailored to your threat and risk profile, we support your organisation in providing the right people the right information at the right time. Our governance services include:
Plan
-
Cyber security strategy
-
Governance design
-
Roles and responsibilities
-
Policies and procedures
Improve
-
Executive performance dashboard
-
Governance reporting
-
Cyber workforce planning
-
Audit and assurance
We also support your organisation in designing your holistic cyber security program through our Virtual CISO Service. We follow a structured program to assist you at all stages and maturity in uplifting, embedding or establishing your cyber security capability.
Management
We help your organisation identify and manage your information security risk. The management of risk is the root of all of our services, and its essential that your organisation has clarity on its risk approach. Our risk management services include:
Identification
-
Risk tolerance and appetite
-
Risk management framework
-
Threat and risk assessment
-
Supply chain risk assessment
Management
-
Cyber security training and awareness
-
Cyber risk reporting and dashboarding
-
Technical security assessment
-
GRC tool implementation and review
We also provide Board Cyber Security Training, which leverages Open Source Intelligence (OSINT) to provide bespoke presentation materials targeted to your audience and based on your unique requirements.
Compliance
We help your organisation demonstrate or achieve compliance to various compliance standards, frameworks and legislation. We translate your compliance program to business risk, to enable a consistent monitoring, improvement and communication of your cyber security posture. Our compliance specialists are familiar with both international and local standards, including:
International
-
ISO 27001
-
NIST
-
COBIT
-
CIS CSC
-
GDPR
Local
-
Information Security Manual (ISM)
-
Essential 8
-
State based compliance schemes (IS18, SACSF, NSW Cyber Security Policy)
-
Sector specific requirements (AESCSF, CPS 234)
-
SOCI/SLACI
-
The Privacy Act and NDB Scheme
We also support businesses at all stages of their journey, including during mergers and acquisitions. We identify organisational compliance to key risk management standards, identify vulnerabilities, key threats and risks which may impact on any deals.