Information and Cyber Security Risk

Organisations face the dual challenge of meeting client needs and protecting their information. Evolving business needs, disruptive technologies and changing compliance requirements often introduce challenges and risks to the organisation.

Confusing regulations, antiquated systems, acquisitions and limited resources can leave organisations exposed and provide roadblocks, keeping them from implementing a consistent, repeatable and sustainable security program against cyber threats.

As cyber security continues to affect the bottom line, the need to continually assess and improve your security program is paramount.


Darren Booth

T: +61 3 9286 8158

RSM’s cloud security assessment demonstrates the value and use case for organisations within your industry to leverage cloud services, cloud access security brokers and related components that drive toward improved security measures in the cloud.

Information and cyber security

To compound an already complex cyber landscape, companies now are facing liability for significant penalties even when no data breach occurs. This is due to new compliance requirements dictating how sensitive data can be stored and used.

With evolving data privacy regulations, such as the General Data Protection Regulation (GDPR) and the Australian Privacy Principles (APP), organisations must be aware of how they are handling their customers' personal data and sensitive information. This includes whether they have customer permission to possess the data at all, and which regulations they are required to comply with.

RSM’s risk consultants combine industry and technical experience to tailor our approach to your unique business. This allows us to identify your highest risks and help plan for protection and compliance. We work with you to:

  • Assess physical, cyber and personnel vulnerabilities from various attack scenarios
  • Design, implement and manage your enterprise security program
  • Develop a program to proactively comply with evolving data privacy regulations
  • Use digital forensics for swift attention to security breaches or civil/criminal litigation issues
  • Build a compliance program that aligns to various regulations such as GDPR, PCI, NIST, HIPAA and APP
  • Develop an agile governance structure across all facets of security that aligns with your business strategy
  • Build a culture and awareness around key cyber security considerations

RSM Information and Data Privacy services

With guidance from RSM’s Cyber Security and Privacy risk consultants, you can drive your business forward with confidence, knowing your most important assets are protected.

RSM has a variety of professionals who are well-versed in many different industries. With their experience, they can help provide an organisation with direction and resources to assist in augmenting information technology staff and leaders to meet operational requirements.

In addition, our team of professionals can help security leaders show a return on investment through collaboration and development of key metrics.

Who needs this?

If your business is currently facing difficulties in meeting required security standards or is failing to meet your own internally set goals, our Cyber Security governance and compliance service will be beneficial to you. Our knowledgeable staff will collaborate with you to determine your information security needs.

Overview of Services

Viewing your organisation holistically, we will assess the technical, compliance and risk management environments that underpin your security and privacy. Following the evaluation, your team will know where any existing holes are, how to fix them and how best to manage the metrics going forward.

After collaborating with you to understand and assess your information security needs, our professionals help you identify a governance framework to fit your needs. Some widely used governance frameworks include:

  • International Organization for Standardization (e.g., ISO 27001/27002)
  • National Institute of Standards and Technology (e.g., NIST CSF, NIST SP 800-53, SP 800-171, etc.)
  • Center for Internet Security (CIS Critical Security Controls, CIS Benchmarks)
  • Governmental standards, such as The Essential Eight, ISM, PSPF, VPDSF and others
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Industry best practices from the SANS Institute, ISACA, ISC2

We recognise that methodologies and frameworks may not always be “one size fits all.” Our team helps you adapt or blend standard frameworks, or custom-tailors a unified controls framework to address your unique needs.

Once a framework has been identified or created, RSM can help you fulfil the requirements or recommendations of that framework with our additional compliance and governance service offerings:

  • Data and system classification
  • Policy and governance
  • Operational and technical security risks
  • Compliance/regulatory/legal exposure
  • Business continuity capabilities
  • Internal security
  • Wireless communications
  • Physical security

When conducting our cyber security assessments, RSM takes a holistic approach to evaluating your controls and any gaps that may exist. We then work with our clients to determine which approach best suits their needs by applying the following methodology:

Technical security assessment

Five considerations for boards to improve data privacy

3 July 2020
Data privacy awareness and compliance are crucial to handling emerging threats, and are fast becoming a major area of consideration among organisations and individuals.

Consumer Data Right (CDR) information security accreditation

23 June 2020
Obtaining assurance on the security of your CDR data environment. With CDR going live on 1 July 2020, Accredited Data Recipient (ADR) applicants must demonstrate the security effectiveness of their people, processes and technology. The key is to demonstrate security, whilst minimising the cost.

Cyber security - what's old is new again

11 June 2020
User credentials of millions of users have been compromised over the years as a result of cyber incidents.

Real estate organisations are a new target as cyberthreats continue to grow

25 May 2020
With the magnitude of security and data breach cases highlighted regularly in the media, most executives of real estate companies are aware that they will likely become a victim of a cyberattack.

Which security framework is right for you?

1 May 2020
With significant data breaches and cyberattacks making headlines almost on a daily basis, many organisations have realised the need for more effective security measures.

Is COVID-19 an excuse to forgo forensic due diligence or integrity checks?

20 April 2020
In the wake of these ever-changing times it is quite natural for businesses and individuals to focus more on survival. This includes staff retainment rather than paying attention to protective control measures including conducting forensic due diligence checks.

Business has changed again - is it time to update your business systems?

14 April 2020
Many businesses were planning to put 2019 behind them and were looking forward to 2020 with some optimism. However, with the impact of COVID-19 being felt by all, the first quarter of 2020 has not gone to plan.

How to cut IT costs when cash flow is tight

9 April 2020
With most businesses across Australia suffering a steep blow to cash flow in the current climate, it’s never been more important to eliminate wasteful spending.

Home office security essentials and tax deductions during COVID-19

26 March 2020
To minimise the spread of COVID-19, businesses across the globe are hurrying to implement remote working for employees.

COVID-19 and a remote workforce - steps to securing your organisation against cyber-attacks

24 March 2020
The global fear surrounding COVID-19 has forced many organisations to develop ‘Coronavirus Plans’ and consider alternate working methods. In an effort to protect the health of employees during this uncertain time, it is also critical to consider the cyber security health of your organisation.