Technical Security Assessment

Every organisation maintains valuable assets, whether sensitive data or systems that are critical to operations. Organisations must understand whether security efforts and controls are enough to protect their most valuable assets. Technical Security Assessments help you determine whether these assets are being properly secured.

Security testing is a process by which technical methods are used to identify findings that support the broader enterprise risk management program. Examples include:

  • Regulatory-required testing
  • Testing of new solutions
  • Validation of processes


Darren Booth
National Head of Security and Privacy Risk Services

T: +61 3 9286 8158


A thorough security testing approach looks at vulnerabilities from several perspectives using a variety of different tools (developed in-house, open sourced or commercially licensed) that can respond to a wide range of organisational needs.


RSM partners with your organisation to grow your security maturity starting from the most vulnerable parts of your business. This ensures rapid growth and an immediately shrinking risk profile. We ensure a methodological approach to secure your systems as you become more resilient to cyber-attacks from casual hackers to sophisticated cyber criminals and hacktivists.

The results from each engagement identify your current risks and confirm the effectiveness of existing controls. RSM works with you to consider the threat actors relevant to your industry and your risk appetite. We then decide on the most appropriate risk remediations for your organisation.

RSM is a CREST-certified company. Our penetration testers are OSCP and CREST certified. Partnering with us to raise your organisation’s security maturity shows your customers you take their data security and privacy seriously.

Who needs this?

Attackers are consistently finding new ways to exploit businesses’ vulnerabilities to compromise their assets and acquire sensitive information. Businesses that wish to assess where they stand against these attackers and determine their ability to protect against cyberattacks would benefit greatly from RSM’s security testing services.


RSM will work with you to identify key business objectives and suggest a testing approach to help you accomplish your goals. Examples of the types of security testing services we offer include:

  • Vulnerability assessments: Vulnerability assessments use a mostly automated approach to identify vulnerabilities on several different network assets including, but not limited to, network devices, operating systems, web applications and web servers. Our vulnerability assessments can benefit organisations of any size and can identify exposures on internal or external systems. These scans give you an overall picture of the vulnerabilities present on your networks and assist in vulnerability risk management.
  • Penetration testing: Penetration tests demonstrate how a malicious attacker might breach an organisation, with the tests helping to prevent such an occurrence. Penetration tests are conducted within an allotted timeframe and offer close to real-life examples of an attacker targeting your organisation. Through penetration tests, RSM consultants will attempt to breach the organisation by acting as an unauthorised user, with the goal of compromising your networks and data.
  • Red team assessments: Running a real-life attack scenario that shows how an organisation could be compromised can help to test preventative and detective controls. This simulation uses the same basic approach as penetration testing, except it is performed over a longer time period, with the main goal of remaining undetected while simulating attacks used by real-world adversaries. This type of testing aims to determine the effectiveness of an organisation’s detective and incident response controls.
  • Application testing: Application testing identifies critical web application vulnerabilities that may be leveraged to either breach systems and applications or gain access to sensitive data. We offer comprehensive static analysis assessments that analyse an application’s source code for potential vulnerabilities that could be leveraged by an attacker, and a dynamic penetration assessment where we interact with the application like a typical end user.
  • Social engineering testing: One of the most common and successful attack strategies, social engineering exploits weaknesses in human nature, rather than hardware, software or network vulnerabilities. These attackers manipulate employees to reveal passwords or download malware-infected files that result in stolen network credentials, data breaches and fraud. Social engineering testing assesses the security risk awareness of your employees through tactics that include phishing (email), vishing (phone) and physical based tests.
  • Wireless testing: Most organisations are using some sort of wireless technology to support their employees or customers, which makes it an increasingly prominent target for cyberattacks. Wireless networks provide convenience and mobility but bring their own risks that are often overlooked as organisations test and secure their environments. This testing determines if wireless technologies present an unacceptable level of risk, including their configuration, hardening, usage and security of endpoints (e.g., laptops and mobile devices).
  • Firewall assessment: We use automated tools and manual techniques to analyse your firewall’s configuration and ruleset line by line to ensure it meets best practices and hardening techniques.
  • Network architecture review: We assess an organisation’s overall network design from a security perspective by using industry best practices to reduce the potential attack surface, including DMZ placement, network segmentation, external presence and system hardening.
  • System hardening & configuration testing: By looking at the security controls on specific devices, we help you set minimum security baselines across your organisation. Our professionals analyse the asset’s configuration against industry standard practices and hardening techniques. The review identifies exposure and breach-response capabilities by looking at logging and alerting abilities, ingress and egress points, and compensating controls. We also assess the asset’s configuration for the implementation of existing minimum security baselines, use of secure protocols, use of proper patching, identification of known vulnerabilities and overall levels of system access.

While each security test uses different methodologies, the following is universal to all of them:

Technical security assessment
