Self-Assessment results explained

Security Risk Self-Assessment

An Explanation Of Your Results

Red Rhombus has collated responses from real-world Defence audits along with information found in the Australian Government Information Security Manual to indicate your organisation’s cybersecurity preparedness to provide products or services to Defence and other government organisations.

The results from this self-assessment are intended as an indication only and should be reviewed with your IT security provider and assigned Defence Prime Subcontracts Manager.

For a detailed analysis of your results and to develop a strategy to improve them, contact Red Rhombus.

The questions are grouped into three key sections:

Govern: Identifying and managing security risks.

Protect: Implementing security controls to reduce security risks.

Detect & Respond: Detecting, responding to, and recovering from cybersecurity incidents.

There are three possible grades for each section:

Fail

If you received a fail score on any of the sections, your organisation will be assessed as not suitable to provide services or products to Defence or Defence Primes. A detailed analysis of your results and IT systems is required to implement mitigation strategies to meet or exceed the requirements.

Marginal

If you received a marginal score on any of the sections, your organisation may be assessed as not suitable to provide services or products to Defence or Defence Primes. A detailed analysis of your results and systems should be undertaken to ensure you meet the requirements.

Pass

If you received a pass score for all of the key sections, your organisation will likely be assessed as suitable to provide services or products to Defence or Defence Primes. A detailed analysis of your results and systems should be undertaken to ensure you meet the requirements. To streamline your application, you should consider applying for Defence Industry Security Program (DISP) membership.

Suggestions from our experience

Here are some of our tips:

  • If you answered a) to any question in the self-assessment, you will be assessed as NOT suitable.
  • If you answered b) to all questions in a section of the self-assessment, you will be assessed as NOT suitable.
  • If you do not meet at least Maturity Level One for all Mitigation Strategies in the Essential Eight Maturity Model, you will be assessed as NOT suitable.
  • From our experience, it is better to pass the audit the first time than to fail, implement mitigation strategies and then be reassessed.
  • Security audits from Defence Primes are assessed on a sliding scale. This means that companies with a more robust cybersecurity standing are given more weight in consideration for subcontracts.

For a detailed analysis of your results and to develop a strategy to improve them, contact Red Rhombus.

Your business deserves a higher standard of Managed IT

We believe that technology should empower your teams, support your business goals and deliver measurable results. After you experience our level of IT service, Red Rhombus will show you why IT isn’t just another cost of doing business. You’ll understand why IT is the essential business function it has become to the modern business today and how to leverage it. Get a quote now!
