AI Security
Government
Phronesis Security has extensive experience working with local, state, and federal government agencies of all shapes and sizes. Some examples of commonly utilised services include:
-
Performing penetration testing, cloud configuration reviews and threat and risk assessments for local government councils.
-
Meeting state government mandatory reporting requirements, such as NSW Cyber Security Policy annual attestations or developing Protective Data Security Plans under the Victorian Protective Data Security Framework.
-
Delivering large-scale cyber incident readiness programs for law enforcement, cultural institutions, and service delivery agencies.
-
IRAP assessments, Essential Eight maturity assessments and ISM uplift programs for Government agencies across a broad range of portfolios.
Our expert consultants have supported a broad range of entities that include regulators, law enforcement, intelligence, education, health, cultural institutions and lead agencies. Leveraging extensive experience working with and within Government, we intimately understand the complex intersection of Government policy, public trust, regulatory oversight, and service delivery context that makes securing Government environments such a uniquely fascinating challenge.
Key Problems
We believe these are the following key cyber security problems facing government entities currently:
-
Lack of visibility of third party risk exposure, e.g. funded agencies and community service providers.
-
Complex compliance mandates and reporting,
-
Technical uplift including compliance with Essential8, e.g. Application Control.
-
Reducing cyber security budget wastage and duplication of effort.
-
An ever changing threat and attack landscape, trying to stay on top of your threats and risks.
Services
We offer the following services that are tailored to help government organisations succeed with reducing their cyber security risk and meeting their compliance obligations:
-
Threat and Risk Assessment
ISO31000:2018-aligned cyber security risk assessments in which threat modelling is built into determining cyber risk exposure for more informed decision-making. -
Attestation Assistance
Support with Mandatory 25 assessments in New South Wales, VPDSS reporting in Victoria or meeting IS18 requirements in Queensland. -
Commonwealth Reporting
IRAP / Essential8 / ISM. Assistance with by ASD endorsed cyber security professionals to provide assurance of the security of systems storing or processing Australian Government data. -
Cyber Incident Readiness
Incident response capability development including developing plans and playbooks or running exercises to test and train your team. -
Third Party Risk Management
Assessments of funded agencies, vendors and suppliers to provide assurance over the cyber security risks they introduce. -
Penetration Testing
Practical testing of the security controls and identification of vulnerabilities within systems.
Why Phronesis Security
Our differentiator that allows us to serve Government organisations better than other consultancies is our years of intimate experience consulting to or working internally within government organisations.
The ancient Greeks called using knowledge to achieve a practical good 'phronesis', or φρόνησῐς. We recognise this is true in cyber security - technology is only as effective as its configuration, and policies are just paper without an educated workforce. We also recognise some of the world's most challenging issues require immediate, practical action. Committed to delivering world-class services to our clients and supporting high-impact charities, Phronesis Security strives to break the mould, and do cyber security for good.
Case Studies
We have the following case studies that provide a sample of some of the projects we have completed for government clients previously:
NSW Government Incident Response Uplift Program
This project involved the design and delivery of an incident response uplift program for sixteen (16) different NSW Government agencies including law enforcement, cultural institutions, and service delivery agencies. Phronesis Security’s engagement delivered a significant improvement in incident response maturity for agencies with a diverse range of ICT environments, security maturity, and legal and regulatory drivers. Phronesis Security also benchmarked each agency against the NIST-CSF at commencement and completion of the engagement, to enable continuous improvement and monitoring of cyber security maturity. This also allowed for enable more cost-effective cyber security expenditure across the state. This engagement was delivered within scope, budget and schedule, despite occurring over holiday periods and COVID-19 lockdowns. The outcome was commended by all key client stakeholders for the targeted and impactful delivery of crucial incident response capabilities.
RAAF Aircraft Accreditation
This project resulted in successfully attaining accreditation for eleven (11) different onboard and on-base systems for a fleet of Royal Australian Air Force aircraft. This involved undertaking a comprehensive threat and risk analysis, balanced against core operational and airworthiness requirements, prior to the development of a suite of documentation covering all Information Security Manual (ISM) and operational requirements. This project was delivered to the highest standard, with all project objectives achieved within scope, schedule, and budget.
Get in Touch
Get in touch with out Leadership team to discuss how we can help you.
Danielle Hood, CTO
Head of Security Architecture
OR