
ISO/NIST/PCI

ISO/NIST  (IN DRAFT)

Phronesis Security has extensive experience working with local, state, and federal government agencies of all shapes and sizes. Some examples of commonly utilised services include:

  • Performing penetration testing, cloud configuration reviews and threat and risk assessments for local government councils.

  • Meeting state government mandatory reporting requirements, such as NSW Cyber Security Policy annual attestations or developing Protective Data Security Plans under the Victorian Protective Data Security Framework.

  • Delivering large-scale cyber incident readiness programs for law enforcement, cultural institutions, and service delivery agencies.

  • IRAP assessments, Essential Eight maturity assessments and ISM uplift programs for Government agencies across a broad range of portfolios.


Our expert consultants have supported a broad range of entities that include regulators, law enforcement, intelligence, education, health, cultural institutions and lead agencies. Leveraging extensive experience working with and within Government, we intimately understand the complex intersection of Government policy, public trust, regulatory oversight, and service delivery context that makes securing Government environments such a uniquely fascinating challenge.

 

Key Problems 

We understand government entities must juggle a complex service delivery mandate with an elevated threat profile and low tolerance for cyber risk – after all, maintaining public trust is always paramount.  Accordingly, we recognise the following key cyber security challenges faced by agencies at all levels of government:
 

  • Making the very best use of limited budgets to stay ahead of a seemingly unlimited range of threat actors and attack vectors.

  • Meeting ongoing legal and regulatory reporting obligations, often spanning multiple compliance frameworks in constantly-changing environments.

  • A lack of visibility of third-party risk exposure, especially regarding vendors, funded agencies, or community service providers.

  • Management of a diverse technology stack with strict control requirements such as implementation of macro control or application control.

Services 

We offer the following services, tailored to help government organisations reduce their cyber security risk and meet their compliance obligations:
 

  • Threat and Risk Assessment
    ISO 31000:2018-aligned cyber security risk assessments in which threat modelling is built into determining cyber risk exposure for more informed decision-making.

  • Attestation Assistance
    Support with Mandatory 25 assessments in New South Wales, VPDSS reporting in Victoria or meeting IS18 requirements in Queensland.

  • Commonwealth Reporting
    IRAP / Essential Eight / ISM. Assistance from ASD-endorsed cyber security professionals to provide assurance of the security of systems storing or processing Australian Government data.

  • Cyber Incident Readiness
    Incident response capability development including developing plans and playbooks or running exercises to test and train your team.

  • Third Party Risk Management
    Assessments of funded agencies, vendors and suppliers to provide assurance over the cyber security risks they introduce.

  • Penetration Testing
    Practical testing of the security controls and identification of vulnerabilities within systems.

Clients

We have worked with a vast array of Australian government organisations previously, including: 

  • DOD

  • ACSC

  • New South Wales Government

Why Phronesis Security

What allows us to serve Government organisations better than other consultancies is our years of intimate experience consulting to, or working internally within, government organisations.
 

The ancient Greeks called using knowledge to achieve a practical good 'phronesis', or φρόνησῐς. We recognise this is true in cyber security - technology is only as effective as its configuration, and policies are just paper without an educated workforce. We also recognise some of the world's most challenging issues require immediate, practical action. Committed to delivering world-class services to our clients and supporting high-impact charities, Phronesis Security strives to break the mould, and do cyber security for good.


Phronesis Security at the Technology Scale-up Awards

Case Studies 

We have the following case studies that provide a sample of some of the projects we have completed for government clients previously: 
 

NSW Government Incident Response Uplift Program 

This project involved the design and delivery of an incident response uplift program for sixteen (16) different NSW Government agencies including law enforcement, cultural institutions, and service delivery agencies. Phronesis Security’s engagement delivered a significant improvement in incident response maturity for agencies with a diverse range of ICT environments, security maturity, and legal and regulatory drivers. Phronesis Security also benchmarked each agency against the NIST-CSF at commencement and completion of the engagement, to enable continuous improvement and monitoring of cyber security maturity. This also enabled more cost-effective cyber security expenditure across the state. This engagement was delivered within scope, budget and schedule, despite occurring over holiday periods and COVID-19 lockdowns. The outcome was commended by all key client stakeholders for the targeted and impactful delivery of crucial incident response capabilities.

 

RAAF Aircraft Accreditation 

This project resulted in successfully attaining accreditation for eleven (11) different onboard and on-base systems for a fleet of Royal Australian Air Force aircraft. This involved undertaking a comprehensive threat and risk analysis, balanced against core operational and airworthiness requirements, prior to the development of a suite of documentation covering all Information Security Manual (ISM) and operational requirements. This project was delivered to the highest standard, with all project objectives achieved within scope, schedule, and budget. 

Get in Touch

Use this link to select a time in the calendar of one of our consultants now.

Or get in touch for a free consultation.
