membership add-on

Governance, Risk, and Compliance (GRC) is a vital component of cyber security that integrates governance, risk management, and compliance to help bolster an organisation’s security.

Governance involves establishing policies and processes to oversee cybersecurity measures. Risk management includes identifying, assessing, and prioritising cybersecurity risks, followed by implementing controls and mitigation strategies. Compliance entails adhering to relevant laws, industry-specific standards, and frameworks, such as the Privacy Act (1988) for data privacy and NIST CSF for cybersecurity risk management.

GRC plays a crucial role in proactively safeguarding assets and information while offering numerous advantages to organisations, including aligning IT with business objectives, managing risks, reducing costs, and ensuring regulatory compliance.

Includes

  • Maturity Assessments
  • Tabletop Exercises

How we can help

AUSCERT offers expert advice and consultations and can aid you in understanding the intricacies of Governance, Risk, and Compliance (GRC), improving your cybersecurity stance in alignment with your business objectives.

We specialise in helping organisations confidently adhere to industry frameworks, standards, and benchmarks.

Our services, including maturity assessments and tabletop exercises, are designed to identify and address cybersecurity gaps in your organisation. Take proactive steps to enhance your cybersecurity posture and mitigate information security risks. Through collaboration, we work together with you to reduce your risk exposure, thereby advancing the security and compliance standards across your organisation.

What's included?

Tabletop Exercises

Our tabletop exercises (TTXs) are designed to explore and improve your organisation’s preparedness in managing and responding to various cyber incidents. These exercises help identify critical gaps in your incident response strategies and decision-making under pressure, improving organisational cyber resilience.

What Does AUSCERT’s Tabletop Exercise (TTX) Service Include?

1. Information Gathering

We take pride in delivering highly customised TTXs tailored to each organisation’s specific needs and environment. Before the simulation, we work closely with your team to gather detailed information, ensuring a truly bespoke experience. This process allows us to design a realistic main event (the scenario) and multiple injects – additional cascading events that challenge participants to respond with adaptability, teamwork, and problem-solving. Unlike generic simulations, we never recycle scenarios across organisations, ensuring each TTX is uniquely suited to your context.

2. Simulation Exercise

Our experienced facilitators lead participants through realistic, scenario-driven discussions, emphasising critical areas such as roles, responsibilities, coordination, and decision-making. We present events and situations, prompting participants to react and make decisions in real time. Throughout the exercise, observers actively collect data and take notes, ensuring key insights are captured. Critical questions are raised and addressed collaboratively, fostering open dialogue and encouraging problem-solving. The focus is on creating a supportive environment where teams can openly explore, test, and refine their incident response strategies.

3. Post-TTX Workshop Report

Following the simulation, we provide a comprehensive report outlining our observations and highlighting key areas for improvement in incident response. This report can be used to assure stakeholders of the organisation’s cyber resilience. It includes targeted recommendations for addressing gaps identified during the exercise, ensuring that our TTXs provide valuable insights to organisations at any stage of their cybersecurity maturity.

4. Follow-Up Meeting

In this meeting, we will discuss the report, identify improvement opportunities, and provide recommendations to address gaps and enhance your organisation’s cyber resilience. It offers participants a chance to discuss the exercise, seek clarification on the report’s findings, and receive feedback from facilitators and observers.

Maturity Assessments

Take proactive steps to enhance your cybersecurity posture and mitigate information security risks. Through collaboration, we work together with you to reduce your risk exposure.

As part of the maturity assessment service, the following is included within the package offered:

  • Comprehensive Assessment: An assessment is undertaken to evaluate your cybersecurity posture and maturity against 20 of the most critical NIST CSF controls, split across 15 core security domains, covering people, processes, and technology.
  • Maturity Gap Report: You will receive a detailed report that benchmarks your current cybersecurity posture and identifies any gaps. This report will also provide you with clear next steps to help elevate your maturity level.
  • Risk Scenario Assessment Report: A report based on supplied cyber risk scenarios, including the potential impacts they would cause should they occur.
  • Executive Summary and Strategy Document: A valuable resource for your senior management, this document will be based on the gap and risk assessments. It will include:
    • An overview of the gap assessment, spotlighting your organisation’s overall maturity level and benchmark.
    • A concise strategy on a page.
    • A risk scenario heatmap derived from the risk assessment.
    • An example security improvement roadmap.
  • Optional Follow-Up: To ensure your ongoing cybersecurity success, we offer an optional complimentary follow-up assessment after your initial consultation*. This follow-up aims to confirm any improvements that might have elevated your posture to your desired level of maturity. A new Maturity Gap Report will be provided as part of this package.

Enquire about Maturity Assessments & Tabletop Exercises

Reach out for more information and pricing