Cybersecurity Risk Assessments

Cyber security risk assessments for defence-level governance and compliance capabilities.

Readying Your Site

Cogito Group can assess your current and potential cyber security risks as an organisation. We can recommend and develop control frameworks to improve logical and physical security. We can align your organisation with global defence standards. If you are applying for provider membership where compliance standards are non-negotiable, we will aid you in development of controls prior to your compliance assessments.

Defensive Security

Cogito Group can provide assistance, training, software, and hardware solutions to help align your organisation with international security standards required for defence level security. We provide frameworks for physical and logical access, and documentation standards. If you are looking to secure your organisation to the standards required by  ISO 27001, NIST 800-171, or DEFSTAN 05-138, Cogito can provide a pre-assessment of your physical and logical security.

Pre-Certification Standardisation

Cogito Group’s pre-certification assessments will aid in developing security controls within organisations. These controls are designed to improve governance and compliance for organisations seeking accreditation.

Maturity of Current Cybersecurity Practices

Cogito have secured information technology services for the Australian Defence Force and operate as members of DISP. Cogito can assess your current security standards against federal maturity levels of cyber security, and emerging threats. Using this Cogito will create a risk assessment treatment plan.

Physical and Logical Access

Cogito Group are expert systems integrators. Our experts have specialist knowledge of the convergence of physical and logical access systems. This experience can be used to design both logical and physical systems to improve governance and compliance.



Our consultants have the skills and experience to train your staff to recognise both physical and logical risks. We’ll show you how to mitigate accordingly through tools, technology, or behavioural changes.


Cogito offers consultancy services for the development of policy and trusted frameworks within both physical and logical access systems.


Cogito offers consultancy services for the development of policy and trusted frameworks within both physical and logical access systems.

Secure Technology

Cogito works with best-of-breed hardware providers to ensure yout technological chain of trust is first in risk mitigation technology.


The Cyber Security Risk Landscape

As the cyber security threat landscape evolves, physical and logical security posture must be kept consistent throughout the technological ecosystem. Cogito Group are experts in cyber security and system integration.

With Cogito’s assistance your organisation can ensure it meets cyber security requirements, throughout your entire supply chain, including resource and staff management.

Risk Management Decision Making

Cogito Group can show you how to understand the risks your organisation faces and make informed decisions in mitigating these. We will design a framework for risk mitigation that integrates logical and physical access, documentation standards, organisational culture, and technology.

Physical Access Control

Physical access technologies are no longer restricted to one building, state, or nation. As our organisations communicate and integrate we require cross-organisational, interbuilding, physical access solutions. In the wake of internal threats we require a convergence of physical and logical security to assess behavioural data and fortify access control. Cogito Group consultants have a breadth of experience in producing highly secure physical access security across organisations.

Logical Access Control

Cogito are experts in the convergence of PACs and LACs. Our software products combine with physical access authentication to allow protection against logical access and ensure user identities have been fully established. This provides organisations with additional layers of security. We are experts in every aspect of PKI, encryption and IdM. We are able to offer specialised advice regarding security concerns and integrations.

International Standards Required by Defence Providers

ISO 27001

ISO 27001 is the international standard for Information Security Management Systems. ISO 27001 is assessed against the criteria of confidentiality, integrity, and availability.

NIST 800-171

NIST 800-171 is the United States national standard for protecting controlled unclassified information in non-federal systems and organisations.


The UK Defence Standard 05-138 is the national standard for defence providers. The standard refers to five risk profiles based on a cyber security risk assessment developed by the Ministry of Defence.

ASD Essential 8

Cogito’s offering includes strategies to help your organisation meet and implement the Australian Signals Directorate Essential 8. For organisations interested in defence-like strategy, the top four priorities are:

Application Whitelisting

Application Whitelisting should be implemented to ensure all software, devices and services only allow approved application access.

Patching Applications

When vendors identify and notify customers of security vulnerabilities, subsequent applications must be patched or updated within one month of the vulnerability being identified.

Patching Operating Vulnerabilities

In the case of Operating Systems with security vulnerabilities these must be patched, updated, or replaced with supported versions.

Restricting Admin Privileges

Cogito can offer expertise and consultancy in best practices for limiting policy security controls and obtaining further visibility over staff and administrative accounts.

Cybersecurity Resources

Cogito offers the following cyber security resources for improved governance and compliance capabilities.

Multi-Factor Authentication

OTP and Certificate-Based Authentication

Backup Reporting

Embedded Linux Support

Protect Against Bots and Ransomware

Physical and Logical Access

Endpoint Protection Reporting

Firewall Reporting and Monitoring

Switching Monitoring Through Network Discovery

Configuration Management Database Capability

Consultancy and Training

GP Reporting for Baseline