Information and Cyber Security Risk


Organisations face the dual challenge of meeting client needs and protecting their information. Evolving business needs, disruptive technologies and changing compliance requirements often introduce challenges and risks to the organisation.

Confusing regulations, antiquated systems, acquisitions and limited resources can leave organisations exposed and provide roadblocks, keeping them from implementing a consistent, repeatable and sustainable security program against cyber threats.

As cyber security continues to affect the bottom line, the need to continually assess and improve your security program is paramount.


Darren Booth

T:+61 3 9286 8158


RSM’s cloud security assessment demonstrates the value and use case for organisations within your industry to leverage cloud services, cloud access security brokers and related components that drive toward improved security measures in the cloud.

Information and cyber security

To compound an already complex cyber landscape, companies are now facing liability for significant penalties even when no data breach occurs. This is due to new compliance requirements dictating how sensitive data can be stored and used.

With evolving data privacy regulations, such as the General Data Protection Regulation (GDPR) and the Australian Privacy Principles (APP), organisations must be aware of how they are handling their customers' personal data and sensitive information. This includes whether they have the customer's permission to possess the data at all, and which regulations they are required to comply with.

RSM’s risk consultants combine industry and technical experience to tailor our approach to your unique business. This allows us to identify your highest risks and help plan for protection and compliance. We work with you to:

  • Assess physical, cyber and personnel vulnerabilities from various attack scenarios
  • Design, implement and manage your enterprise security program
  • Develop a program to proactively comply with evolving data privacy regulations
  • Use digital forensics for swift attention to security breaches or civil/criminal litigation issues
  • Build a compliance program that aligns to various regulations such as GDPR, PCI, NIST, HIPAA and APP
  • Develop an agile governance structure across all facets of security that aligns with your business strategy
  • Build a culture and awareness around key cyber security considerations

RSM Information and Data Privacy services

With guidance from RSM’s Cyber Security and Privacy risk consultants, you can drive your business forward with confidence, knowing your most important assets are protected.



RSM has a variety of professionals who are well-versed in many different industries. With their experience, they can help provide an organisation with direction and resources to assist in augmenting information technology staff and leaders to meet operational requirements.

In addition, our team of professionals can help security leaders show a return on investment through collaboration and development of key metrics.

Who needs this?

If your business is currently facing difficulties in meeting required security standards or is failing to meet your own internally set goals, our Cyber Security governance and compliance service will be beneficial to you. Our knowledgeable staff will collaborate with you to determine your information security needs.

Overview of Services

Viewing your organisation holistically, we will assess the technical, compliance and risk management environments that underpin its security and privacy. Following the evaluation, your team will know where any existing holes are, how to fix them and how best to manage the metrics going forward.

After collaborating with you to understand and assess your information security needs, our professionals help you identify a governance framework to fit your needs. Some widely used governance frameworks include:

  • International Organization for Standardization (e.g., ISO 27001/27002)
  • National Institute of Standards and Technology (e.g., NIST CSF, NIST SP 800-53, SP 800-171, etc.)
  • Center for Internet Security (CIS Critical Security Controls, CIS Benchmarks)
  • Governmental standards, such as The Essential Eight, ISM, PSPF, VPDSF and others
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Industry best practices from the SANS Institute, ISACA, ISC2

We recognise that methodologies and frameworks may not always be “one size fits all.” Our team helps you adapt or blend standard frameworks, or custom-tailors a unified controls framework to address your unique needs.

Once a framework has been identified or created, RSM can help you fulfil the requirements or recommendations of that framework with our additional compliance and governance service offerings:

  • Data and system classification
  • Policy and governance
  • Operational and technical security risks
  • Compliance/regulatory/legal exposure
  • Business continuity capabilities
  • Internal security
  • Wireless communications
  • Physical security

When conducting our cyber security assessments, RSM takes a holistic approach to evaluating your controls and any gaps that may exist. We then work with our clients to determine which approach best suits their needs by applying the following methodology:

Technical security assessment
