top of page

Threat & Risk Consulting



The scale of the threat and the tenacity of attackers shouldn’t be a surprise. With the size of the internet economy alone estimated to be about $4.2 trillion in 2016 (Boston Consulting Group-) and online trade accounting for an ever-increasing share of global GDP, criminals inevitably see opportunities in the vulnerabilities of digital businesses.


Although awareness of the threat has never been higher, a majority of businesses do not comprehend the methods and motivations of the attackers or fully understand the scale of the threat. Only a small minority feel fully prepared.  



Our consultants prepare you to understand the risks, so that the businesses can evaluate at true merit the cost of risk vs relative costs of mitigation, avoidance, transfer or acceptance.  Whether the requirement is driven by regulatory compliance requirement or by due care, we’re here to help.  

Prepared with a more realistic understanding of the potential impact of a cyberattack, executives can invest in risk-focused programs to be more secure, vigilant, and resilient, and gain greater confidence in their organization’s ability to thrive, even in the face of a cyber crisis.


Effective cyber resilience requires initiative and a commitment of resources to assess and develop appropriate strategies, including planning responses to a cyber attack. You should seize the opportunity to assess your threats and vulnerabilities now, and understand where and how your most valuable information is held.


Through that assessment, you can prioritise resources to mitigate the risk of being affected disproportionately by a cyber attack.

A risk assessment enables expenditure on controls to be balanced against the business harm that may result from security failures.

Each organization undertaking a risk assessment requires a slightly unique approach, but in main part, methodologies are quite similar as per industry best practices and standards.

Identify and Document Asset Vulnerabilities;

Identify and Document Internal and External Threats;

Acquire Threat and Vulnerability Information from External Sources;

Identify Potential Business Impacts and Likelihoods;

Determine Enterprise Risk by Reviewing Threats, Vulnerabilities, Likelihoods and Impacts;

Identify and Prioritise Risk Responses.


We implement the risk assessment leveraging one or more of following standards (baseline) depending on requirements. These Include: 

  • National Institute of Standards (NIST) SP 800 Series

  • International Organisation for Standardisation (ISO) 27000 Series

  • Australian Signals Directorate - Information Security Manual (ISM)

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Open Web Application Security Project (OWASP)

  • Open Source Security Testing Methodology Manual (OSSTMM)

  • Control Objectives for Information and Related Technologies (COBIT) 

  • Information Technology Infrastructure Library (ITIL 20000)

  • Sysadmin, Audit, Network, Security (SANS) Security Policy Resource

  • The EU General Data Protection Regulation (GDPR)


  • Security strategy and execution

  • Threat analysis

  • Security Operations Center (SOC) design and implementation

  • Global deployment and support

  • Security audits and assessments

  • Regulatory and compliance programs

  • Staff augmentation and employee training

  • Incident response, postmortem analysis and remediation

bottom of page