Technical Security Assessment

Technical Security Assessment

Every organisation maintains valuable assets, whether sensitive data or systems that are critical to operations. Organisations must understand whether security efforts and controls are enough to protect their most valuable assets. Technical Security Assessments help you determine whether these assets are being properly secured.

Security testing is a process by which technical methods are used to identify findings that support the broader enterprise risk management program. Examples include:

  • Regulatory-required testing
  • Resting of new solutions
  • Validation of processes


Darren Booth
National Head of Security and Privacy Risk Services

E: [email protected]
T:+61 3 9286 8158

How can we help you?

 Locate nearest office

A thorough security testing approach looks at vulnerabilities from several perspectives using a variety of different tools (developed in-house, open sourced or commercially licensed) that can respond to a wide range of organisational needs.

Contact a workplace assurance specialist


RSM partners with your organisation to grow your security maturity starting from the most vulnerable parts of your business. This ensures rapid growth and an immediately shrinking risk profile. We ensure a methodological approach to secure your systems as you become more resilient to cyber-attacks from casual hackers to sophisticated cyber criminals and hacktivists.

The results from each engagement identify your current risks and confirm the effectiveness of existing controls. RSM works with you to consider the threat actors relevant to your industry and your risk appetite. We then decide on the most appropriate risk remediations for your organisation.

RSM is a Crest certified company. Our penetration testers are OSCP and Crest certified. Partnering with us to raise your organisation’s security maturity shows your customers you take their date security and privacy seriously.

Who needs this?

Attackers are consistently finding new ways to exploit businesses’ vulnerabilities to compromise their assets and acquire sensitive information. Businesses that wish to assess where they stand against these attackers and determine their ability to protect against cyberattacks would benefit greatly from RSM’s security testing services.

Cyber security


RSM will work with you to identify key business objectives and suggest a testing approach to help you accomplish your goals. Examples of the types of security testing services we offer include:

  • Vulnerability assessments: Vulnerability assessments use a mostly automated approach to identify vulnerabilities on several different network assets including, but not limited to, network devices, operating systems, web applications and web servers. Our vulnerability assessments can benefit organisations of any size and can identify exposures on internal or external systems. These scans give you an overall picture of the vulnerabilities present on your networks and assist in vulnerability risk management.
  • Penetration testing: Penetration tests demonstrate how a malicious attacker might breach an organisation, with the tests helping to prevent such an occurrence. Penetration tests are conducted within an allotted timeframe and offer close to real-life examples of an attacker targeting your organisation. Through penetration tests, RSM consultants will attempt to breach the organisation by acting as an unauthorised user, with the goal of compromising your networks and data.
  • Red team assessments: Undergoing a real-life attack scenario on how an organisation could be compromised can help to test preventative and detective controls. This simulation uses the same basic approach included in penetration testing, except it is performed over a longer time period, with the main goal of being undetected by simulating attacks used by real-world adversaries. This type of testing aims to determine the effectiveness of an organisation’s detective and incident response controls.
  • Application testing: Application testing identifies critical web application vulnerabilities that may be leveraged to either breach systems and applications or gain access to sensitive data. We offer comprehensive static analysis assessments that analyse an application’s source code for potential vulnerabilities that could be leveraged by an attacker, and a dynamic penetration assessment where we interact with the application like a typical end user.
  • Social engineering testing: One of the most common and successful attack strategies, social engineering exploits weaknesses in human nature, rather than hardware, software or network vulnerabilities. These attackers manipulate employees to reveal passwords or download malware-infected files that result in stolen network credentials, data breaches and fraud. Social engineering testing assesses the security risk awareness of your employees through tactics that include phishing (email), vishing (phone) and physical based tests.
  • Wireless testing: Most organisations are using some sort of wireless technology to support their employees or customers, which makes it an increasingly prominent target for cyberattacks. Wireless networks provide convenience and mobility but bring their own risks that are often overlooked as organisations test and secure their environments. This testing determines if wireless technologies present an unacceptable level of risk, including their configuration, hardening, usage and security of endpoints (e.g., laptops and mobile devices).
  • Firewall assessment: We use automated tools and manual techniques to analyse your firewall’s configuration and ruleset line by line to ensure it meets best practices and hardening techniques.
  • Network architecture review: We assess an organisation’s overall network design from a security perspective by using industry best practices to reduce the potential attack surface, including DMZ placement, network segmentation, external presence and system hardening.
  • System hardening & configuration testing: By looking at the security controls on specific devices, we help you set minimum security baselines across your organisation. Our professionals analyse the asset’s configuration against industry standard practices and hardening techniques. The review identifies exposure and breach-response capabilities by looking at logging and alerting abilities, ingress and egress points, and compensating controls. We also assess the asset’s configuration for the implementation of existing minimum security baselines, use of secure protocols, use of proper patching, identification of known vulnerabilities and overall levels of system access.

While each security test uses different methodologies, the following is universal to all of them:

Technical security assessment

RSM offers Workplace health and wellbeing culture assessments

8 Global healthcare trends driving health industry change in 2022

7 November 2022
What are the global healthcare trends driving industry change in 2022? We have collated contributions from across RSM’s global healthcare community – working with over 3,000 healthcare organisations - to examine the most impactful trends driving change across the health sector. For each trend, we’ve included the key considerations for healthcare leaders, to shape the debate on navigating the post-pandemic world.

Cyber security in agriculture: How to adopt technology and keep your business secure

11 July 2022
Cyber security in agriculture is a growing concern.  Innovative technology like smart-sensors can help save a harvest from the whims of Mother Nature, but internet-connected devices do come with added risk. RSM Sydney's Director of Risk Advisory, Ashwin Pal, talks about the cyber risk that comes with smart technology in agribusiness and how to innovate securely.

Now is the time for Risk and Cyber Security to work closer together

29 March 2022
Having worked across all of Asia Pacific in previous roles, RSM's cybersecurity and privacy specialist Ashwin Pal has seen and experienced how things are done broadly within the region. 

Protect the future of your business with security certification

2 December 2021
Cybersecurity is a real risk and one that needs to be considered and managed effectively in order to protect the future of your business. 

Staying on top of our Cyber Hygiene

1 December 2021
One of the implications of COVID on our digital lives is that we are now more online than ever before. 

RSM and Avertro forge a partnership to secure Australian businesses

26 October 2021
RSM Australia (RSM), one of the largest mid-tier accounting firms in Australia, are joining forces with Avertro, a sovereign Australian cybersecurity startup, in an industry-leading partnership that will improve the cyber resilience of Australian businesses.

Cyber Security - Board, Audit and Risk Committee Responsibility

28 September 2021
There aren't too many weeks that go by where there isn’t a new significant data breach reported.

3 tips to protect your government agency from a ransomware attack

23 September 2021
Are you scared of being a victim of ransomware?

RSM Australia is prequalified for the NSW ICT Services Scheme (SCM0020)

16 September 2021
Earlier this year, the NSW Stage Government announced the release of the NSW CSP 4.0. One of the key drivers for this Policy is the uplift of cyber resilience in government in response to the significant increase in cyber attacks in Australia. 

Why public entities and non-profits need to step up cyber security

19 July 2021
As the past few years have shown, no organisation is exempt from the dangerous and malicious actions of criminal cyber entities. 

Bootstrapping your IT infrastructure for under $5K

30 April 2021
Developing your internal information technology (IT) infrastructure correctly is an essential component for your business.

Have you considered your cyber security risk exposure?

15 February 2021
While it’s assumed that your business may have risk management practices in place to identify and manage various risks associated with the business environment, have you considered your cyber security risk exposure?

RSM's Consumer Data Right (CDR) submission

30 July 2020
As the Consumer Data Right (CDR) Rules continue to evolve, RSM submitted a response to the request for submissions related to the draft ‘intermediary’ Rules, which were published in June 2020.

Five considerations for boards to improve data privacy

3 July 2020
Data privacy awareness and compliance are crucial to handling emerging threats, and are fast becoming a major area of consideration among organisations and individuals.

Cyber security - what's old is new again

11 June 2020
User credentials of millions of users have been compromised over the years as a result of cyber incidents.