OWASP
SAMM
Secure Dev. Ops
Phronesis Security has extensive experience working with local, state, and federal government agencies of all shapes and sizes. Some examples of commonly utilised services include:
-
Performing penetration testing, cloud configuration reviews and threat and risk assessments for local government councils.
-
Meeting state government mandatory reporting requirements, such as NSW Cyber Security Policy annual attestations or developing Protective Data Security Plans under the Victorian Protective Data Security Framework.
-
Delivering large-scale cyber incident readiness programs for law enforcement, cultural institutions, and service delivery agencies.
-
IRAP assessments, Essential Eight maturity assessments and ISM uplift programs for Government agencies across a broad range of portfolios.
Our expert consultants have supported a broad range of entities that include regulators, law enforcement, intelligence, education, health, cultural institutions and lead agencies. Leveraging extensive experience working with and within Government, we intimately understand the complex intersection of Government policy, public trust, regulatory oversight, and service delivery context that makes securing Government environments such a uniquely fascinating challenge.
Key Problems
We understand government entities must juggle a complex service delivery mandate with an elevated threat profile and low tolerance for cyber risk – after all, maintaining public trust is always paramount. Accordingly, we recognise the following key cyber security challenges faced by agencies at all levels of government:
-
Making the very best use of limited budgets to stay ahead of a seemingly unlimited range of threat actors and attack vectors.
-
Meeting ongoing legal and regulatory reporting obligations, often spanning multiple compliance frameworks in constantly-changing environments.
-
A lack of visibility of third-party risk exposure, especially regarding vendors, funded agencies, or community service providers.
-
Management of a diverse technology stack with strict control requirements such as implementation of macro control or application control.
Services
We offer the following services that are tailored to help government organisations succeed with reducing their cyber security risk and meeting their compliance obligations:
-
Threat and Risk Assessment
ISO31000:2018-aligned cyber security risk assessments in which threat modelling is built into determining cyber risk exposure for more informed decision-making. -
Attestation Assistance
Support with Mandatory 25 assessments in New South Wales, VPDSS reporting in Victoria or meeting IS18 requirements in Queensland. -
Commonwealth Reporting
IRAP / Essential8 / ISM. Assistance with by ASD endorsed cyber security professionals to provide assurance of the security of systems storing or processing Australian Government data. -
Cyber Incident Readiness
Incident response capability development including developing plans and playbooks or running exercises to test and train your team. -
Third Party Risk Management
Assessments of funded agencies, vendors and suppliers to provide assurance over the cyber security risks they introduce. -
Penetration Testing
Practical testing of the security controls and identification of vulnerabilities within systems.
Why Phronesis Security
Our differentiator that allows us to serve Government organisations better than other consultancies is our years of intimate experience consulting to or working internally within government organisations
The ancient Greeks called using knowledge to achieve a practical good 'phronesis', or φρόνησῐς. We recognise this is true in cyber security - technology is only as effective as its configuration, and policies are just paper without an educated workforce. We also recognise some of the world's most challenging issues require immediate, practical action. Committed to delivering world-class services to our clients and supporting high-impact charities, Phronesis Security strives to break the mould, and do cyber security for good.
Phronesis Security at the Technology Scale-up Awards
Case Studies
Cyber Security Advisory Services (NSW Government)
NSW Government Incident Response Uplift Program
RAAF Aircraft Accreditation
Testimonial
The team at Phronesis always deliver a quality outcome with the expertise and thought leadership up to the task.
- D. Mathieson, Chief Information Security Officer
NSW Government