Information and Cyber Security Risk


Organisations face the dual challenge of meeting client needs and protecting their information. Evolving business needs, disruptive technologies and changing compliance requirements often introduce challenges and risks to the organisation.

Confusing regulations, antiquated systems, acquisitions and limited resources can leave organisations exposed and create roadblocks that keep them from implementing a consistent, repeatable and sustainable security program against cyber threats.

As cyber security continues to affect the bottom line, the need to continually assess and improve your security program is paramount.


Darren Booth

T:+61 3 9286 8158


RSM’s cloud security assessment demonstrates the value and use case for organisations within your industry to leverage cloud services, cloud access security brokers and related components that drive toward improved security measures in the cloud.

Information and cyber security

To compound an already complex cyber landscape, companies now are facing liability for significant penalties even when no data breach occurs. This is due to new compliance requirements dictating how sensitive data can be stored and used.

With evolving data privacy regulations, such as the General Data Protection Regulation (GDPR) and the Australian Privacy Principles (APP), organisations must be aware of how they are handling their customers' personal data and sensitive information. This includes whether they have customer permission to even possess the data, and the different regulations they are required to comply with.

RSM’s risk consultants combine industry and technical experience to tailor our approach to your unique business. This allows us to identify your highest risks and help plan for protection and compliance. We work with you to:

  • Assess physical, cyber and personnel vulnerabilities from various attack scenarios
  • Design, implement and manage your enterprise security program
  • Develop a program to proactively comply with evolving data privacy regulations
  • Use digital forensics for swift attention to security breaches or civil/criminal litigation issues
  • Build a compliance program that aligns to various regulations such as GDPR, PCI, NIST, HIPAA and APP
  • Develop an agile governance structure across all facets of security that aligns with your business strategy
  • Build a culture and awareness around key cyber security considerations

RSM Information and Data Privacy services

With guidance from RSM’s Cyber Security and Privacy risk consultants, you can drive your business forward with confidence, knowing your most important assets are protected.



RSM has a variety of professionals who are well-versed in many different industries. With their experience, they can help provide an organisation with direction and resources to assist in augmenting information technology staff and leaders to meet operational requirements.

In addition, our team of professionals can help security leaders show a return on investment through collaboration and development of key metrics.

Who needs this?

If your business is currently facing difficulties in meeting required security standards or is failing to meet your own internally set goals, our Cyber Security governance and compliance service will be beneficial to you. Our knowledgeable staff will collaborate with you to determine your information security needs.

Overview of Services

Viewing your organisation holistically, we will assess your organisation's security and privacy technical, compliance and risk management environments. Following the evaluation, your team will know where any existing holes are, how to fix them and how best to manage the metrics going forward.

After collaborating with you to understand and assess your information security needs, our professionals help you identify a governance framework to fit your needs. Some widely used governance frameworks include:

  • International Organization for Standardization (e.g., ISO 27001/27002)
  • National Institute of Standards and Technology (e.g., NIST CSF, NIST SP800-53, 800-171, etc.)
  • Center for Internet Security (CIS Critical Security Controls, CIS Benchmarks)
  • Governmental standards, such as The Essential Eight, ISM, PSPF, VPDSF and others
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Industry best practices from the SANS Institute, ISACA, ISC2

We recognise that methodologies and frameworks may not always be “one size fits all.” Our team helps you adapt or blend standard frameworks, or custom-tailors a unified controls framework, to address your unique needs.

Once a framework has been identified or created, RSM can help you fulfil the requirements or recommendations of that framework with our additional compliance and governance service offerings:

  • Data and system classification
  • Policy and governance
  • Operational and technical security risks
  • Compliance/regulatory/legal exposure
  • Business continuity capabilities
  • Internal security
  • Wireless communications
  • Physical security

When conducting our cyber security assessments, RSM takes a holistic approach to evaluating your controls and any gaps that may exist. We then work with our clients to determine which approach best suits their needs by applying the following methodology:

Technical security assessment
