OUR SECURITY

Our security posture

We hold ourselves to the same standards we set for our clients.

OUR APPROACH

Practice what we preach

At Strategic Cyber, we believe that credibility comes from practising what we advise. We apply the same Essential Eight maturity frameworks, access controls, and assurance methodologies to our own operations that we recommend to our clients.

Our security posture is not theoretical. Every control we implement, every policy we maintain, and every process we follow is designed to demonstrate that the standards we advocate for defence contractors are both achievable and necessary.

This approach builds trust with our clients and ensures our team understands the practical realities of compliance implementation — not just the theory.

Essential Eight aligned

Our own controls map to Essential Eight Maturity Level 2 (ML2), ensuring we understand implementation from first-hand experience.

Continuous review cycle

We conduct regular internal security assessments and policy reviews, and apply updates, to maintain and improve our posture.

Audit-ready culture

Our team understands audit readiness, evidence gathering, and compliance documentation — because we maintain them ourselves.

SECURITY PRACTICES

How we protect our operations

A detailed look at the security controls and practices Strategic Cyber implements across all operational areas.

Essential Eight Compliance

Strategic Cyber maintains Essential Eight maturity controls across all eight mitigation strategies. Our environment is aligned with ML2 standards and forms the foundation of our information security management system.

Data Handling & Encryption

Client data is protected through encryption in transit and at rest. We maintain strict data classification, access logs, and secure disposal procedures. Client confidentiality is enforced through contractual obligations and technical controls.

Personnel Security

All Strategic Cyber personnel hold current AGSVA security clearances. We conduct background checks, reference verification, and maintain training records. Clearance levels are verified regularly and staff roles are assigned according to least-privilege principles.

Physical Security

Our Braddon office is secured with access controls, visitor management, and CCTV. Physical access to sensitive areas is restricted and monitored. Equipment is maintained in secure locations with documented disposal procedures.

Access Controls

We enforce the principle of least privilege across all systems. Multi-factor authentication is mandatory. Privileged access is logged and reviewed quarterly. User access is revoked within 24 hours of role changes or departures.

Incident Response

Strategic Cyber maintains a documented incident response plan covering detection, response, communication, and recovery. We track security incidents, conduct post-incident reviews, and update controls based on lessons learned.

Supply Chain Security

We vet third-party tools and services for security alignment. Vendor agreements include security requirements. We maintain an inventory of critical dependencies and monitor for vulnerability disclosures affecting our supply chain.

Security Awareness

All staff receive security training covering phishing, data handling, password practices, and incident reporting. Training is refreshed annually and covers DISP and defence sector-specific threats and controls.

CONTINUOUS IMPROVEMENT

Staying ahead of the threat landscape

Our security posture is not static. The threat landscape evolves continuously, and so do our controls. We conduct quarterly security reviews to assess emerging risks, new vulnerabilities, and opportunities to strengthen our defences.

We monitor ASD security guidance updates, track industry threat intelligence, and incorporate lessons learned from our own incident response activities and those of the broader defence sector. This commitment to continuous improvement ensures Strategic Cyber remains secure, trustworthy, and credible.

Quarterly Security Reviews

Regular assessment of controls, logs, and vulnerabilities with documented remediation plans.

Threat Intelligence Monitoring

Ongoing tracking of ASD guidance, ACSC alerts, and industry threat intelligence relevant to our environment.

Policy & Control Updates

Security policies are reviewed annually and updated as new threats, technologies, or business needs emerge.

Vulnerability Management

Systems are patched within defined SLAs. Vulnerability scans are conducted regularly and results are tracked to closure.

Questions about our security practices?

If you'd like to discuss our security posture or controls, or have specific questions about how we protect client information, get in touch.