SERVICES
Cyber Security
The Cyber Security area can sometimes be viewed by stakeholders as a cost centre or a blocker, even a “tick in the box” that project managers need to receive before going live with a system implementation.
More advanced organisations see the Cyber Security function as a key business enabler – a valuable function which assists business to effectively manage technology and information risks so that services can be offered which might otherwise not be possible. In the words of Sherwood et al., good security is like having high quality brakes on your car – better brakes let you drive much faster because you are confident you will be able to stop when you need to.
Advizon Consulting can help you to design, implement and operate a highly effective information security function to enable your business. We start by developing a future vision and security strategy that aligns with the broader IT and business strategy for your organisation. Then, we develop a comprehensive security architecture that enables the strategy’s achievement. We design governance structures, roles and responsibilities that help you to oversee the implementation and ongoing operation of the security strategy, and construct appropriate performance monitoring frameworks that provide you with meaningful information to assist strategic decision making.
We can help you to assess cyber security risk exposures and design appropriate mitigation strategies to prevent, detect and respond to risk in a manner consistent with PSPF requirements, ISM, ACSC Cyber Security Guidance, ISO27001 and the Australian risk management standard AS31000. We can reference international frameworks such as the NIST CSF, CoBIT and ITIL. Then, we can work with you to design detailed implementation protocols and operational procedures that embed the necessary checks and balances to guard against your organisation’s security risks. We can document all of this in a suite of security plans consistent with the requirements of the Australian Government Information Security Manual.
The strength of security safeguards tends to erode over time. As environments change, so do the people responsible for them. To gain confidence that security controls remain in place and continue to operate effectively, Advizon Consulting can perform a full range of security audits over your environment, including assessments of "Top four", "Essential Eight" and broader ISM security compliance, and we are experienced in performing PKI security audits under the Gatekeeper Compliance Audit Program / Trusted Digital Identity Framework. But further than mere compliance, our consultants can leverage their deep experience to develop practical, effective recommendations to address any identified gaps in your security controls framework.
IT Audit
At its purest level, technology exists to better enable your organisation to realise its business goals. You use your IT to achieve efficiencies over manual processing, to offer timely and cost effective services to your clients, to help you achieve compliance objectives, and to safeguard the integrity of your information assets.
Because the impact of “things going wrong” in these areas can be catastrophic, you operate a framework of control around IT services that is designed to prevent or detect the occurrence of significant risks, and to help you respond effectively in the event that they do. But because environments change over time, and because many controls rely on people to operate them, the strength of your control environment can easily erode as time goes by.
The primary purpose of an Advizon Consulting IT audit is to provide a level of comfort that key controls remain in place, and operate effectively. But we go further than this, working to add value to your organisation by identifying opportunities to improve controls - such as providing similar protections at a lower cost, providing a more robust layer of controls where needed, or a combination of both these things.
Advizon Consulting can plan, perform and report on a full range of IT audits including:
- Governance and oversight, including implementation of IT strategy and supporting enterprise architectures.
- Digital services and their key enabling technologies, including PKI authentication solutions.
- Cyber security, examining strategies and their effective implementation and ensuring compliance with obligations.
- Cloud services, examining service agreements, supply chain controls and assurance sources as well as validating service configuration and ability to decouple in the future.
- Data audits, including identification of potentially suspicious transactions within your systems and the identification of potentially duplicate or “missing” data.
- Application audits, whether bespoke developed or a COTS solution, to verify that systems are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of system activity.
- Infrastructure and operating environments, including controls around information processing facilities, servers and data management/storage solutions.
- Systems under development, focusing on how effectively the development methodology is being applied throughout the project, and the extent to which suitable controls are built in to the system being delivered.
- Business resilience, examining the combination of high availability, business continuity planning and disaster recovery planning, testing and maintenance.
Program and project assessment
Some of your organisation’s most significant projects seek to deliver business benefits through the automation of processes, or the provision of modernised technology that can take advantage of the latest developments. These projects represent a large proportion of total investment so it’s critical that they deliver the anticipated outcomes within agreed budgets, according to schedule. Much has been written about ensuring projects succeed…and yet, these projects are often regarded as anything but successful.
Advizon Consulting can provide a periodic project check-up service designed to assess the effectiveness of program and project management techniques that are being applied to your critical initiatives.
Our check-up reviews have been constructed to focus on the most critical management elements which, if not well executed, will threaten the success of your initiatives. These include:
- Benefits management
- Scope management
- Stakeholder management
- Resource management
- Cost management
- Schedule management
- Risk and issues management
Our check-up reviews examine each of these areas throughout the project life cycle, with varying focus on each area as the project matures. Our initial focus is on the design and implementation of management systems and processes that assess the extent to which the initiative begins with a solid foundation. Later reviews concentrate on ongoing operational effectiveness and seeking to identify opportunities for continuous improvement.
There are distinct synergies when program or project check-ups are teamed with our systems under development audit service. Combining these services can assist clients to not only address project and program risk, but also address solution risks specific to the system being implemented.
IT Governance, Risk and Control
An effective Governance, Risk and Control (GRC) framework is a critical foundation stone for your business to achieve its strategic goals. Each element works with the other two to reinforce the overall GRC environment - and conversely, if one of the three is ineffective then your organisation can unravel.
Advizon Consulting can work with the Executive to create technology governance structures to effectively oversee the organisation's IT service delivery and initiatives. We apply the IT Governance Institute's guidance in this regard to identify an appropriate committee structure and charter, define roles and responsibilities and implement appropriate monitoring mechanisms designed to ensure effective and transparent communication between those charged with actuating the IT strategy, and those charged with governance.
Governance resources are not unlimited, and it makes sense for responsible officers to focus efforts in those areas of greatest risk to the organisation. This decision itself is reliant on a robust risk management framework across the business, that is well understood and effectively applied by business areas. Advizon Consulting can assist your organisation through review and improvement of existing enterprise risk management frameworks, and through working with your business areas in their assessment of risks and responses.
Further, new initiatives often mean changes to your existing risk profile and it is imperative that a formal review of risk be undertaken as part of your projects. In a technology sense, initiatives must observe security policy requirements including development of Security Risk Management Plans that drive the extent of manual and system based controls that need to exist in order to effectively prevent, detect and respond to risk.
Advizon Consulting can work with project managers and system owners to assess a comprehensive array of business and technology related risks, and devise appropriate control countermeasures to reduce current risks to acceptably low levels.
Program and project management
Some of your organisation’s most significant projects seek to deliver business benefits through the automation of processes, or the provision of modernised technology that can take advantage of the latest developments. These projects represent a large proportion of total investment so it’s critical that they deliver the anticipated outcomes within agreed budgets, according to schedule. Much has been written about ensuring projects succeed…and yet, these projects are often regarded as anything but successful.
Advizon Consulting can create a controlled environment for your projects. Leveraging more than twenty years’ experience working with the Australian Government, Advizon Consulting can work closely with sponsors/owners to confirm the outcomes that will mean the project is a success – and can implement appropriate management techniques to ensure that these outcomes are realised.
We work within your existing frameworks to plan and manage programs and projects, keeping stakeholders properly informed and maintaining a focus on project benefits throughout.
We carefully monitor the schedule, budget, scope, resourcing, risks and issues associated with the initiative. We also work to manage change by communicating with key stakeholders, and by maintaining a motivated and enthusiastic team who are committed to achieving outcomes.
Advizon Consulting can work with CIOs, Service and Infrastructure Owners, Application Owners and Data Owners to assist them in developing a vision of the future state of technology within your business, and a roadmap of activity necessary to achieve your vision.
We do this by firstly taking stock of the current state of technology in your organisation, its strengths and limitations. Then, we work closely with business area representatives across the organisation to gain an understanding of how the business needs technology to enable it. We identify a range of technology solutions that could help to realise the business needs, and work with you to rank the options and select the most preferable solutions. We construct programs of initiatives wherever practical to do so, and develop a roadmap for the implementation of each program.
As your strategy progresses over the coming three years, Advizon Consulting can perform periodic “check in” assessments that determine the extent to which your strategic initiatives remain aligned with business need, remain on track to achieve the desired business benefits, and where necessary, we can recommend actions to adjust so that the chances of achieving anticipated benefits are maximised.