Cyber Services & Assessments


Goal Group provides specialised services to assess your cyber security readiness in conformance with defence relevant regulations and standards. These include ASD Essential 8, DISP, ITAR, NIST 800-171, CMMC and ISO27001/2.

In addition to assessment services, we provide specialised security software that can quickly cover off the gaps identified during the assessment and secure your data to defence standards.


Cyber Security is a major concern for Defence and Primes and has a direct impact on your ability to do business in defence. According to Financial review

“40% per cent of small and medium businesses vying to win defence contracts are being rejected because of lax cyber-security practices” (Feb 2021).

The importance of Cyber is only going to increase. The current geopolitical situation around Australia and the new US based CMMC standard is already having an impact, with Primes increasing their push on their suppliers to safeguard their digital assets.


We have established a reputation for quality, well designed solutions that don’t cost the earth. We work with you to provide a solution that best serves your needs.

Our Goal Group solutions cover all the gaps that you might not have considered, so that you’re safe from data breaches in day-to-day situations. One of our Group partners were recognised as being in the top 10 enterprise security solutions providers in APAC 2019.

Detailed Cyber Risk Assessments

The first step in any Cyber Resilience Program is an assessment of your business. The intention is not to initially correct the risks, but to inform the stakeholders so that a prioritised and manageable improvement program can be developed and implemented. This will enable management to make informed choices around investment to mitigate risks.

Cyber risk mitigation options typically include:

  • resolving the problems internally;
  • seeking external speciality support available thru the Goal Group; or
  • adjusting the risk level by other action such as providing training, removing unnecessary data, or other operational changes.

The risk assessment consists of two parts:

  1. the first is to understand the situation and technical risk;
  2. the second is to evaluate the effectiveness of management controls.

Assessment Focus Areas:

  • Situational risk – this is an assessment of the type of data, its use, access, security, and monitoring. The e-Safe Compliance Assessment is recommended for this. The findings from this assessment will influence the scope and detail of the second part.  Areas covered in this assessment are described under e-Safe.
  • Control risk – assessment of the appropriateness and effectiveness of management controls, given the level of Situational risk.   This assessment is conducted as a document review and a series of interviews with managers and staff. Areas covered in this assessment include:
  • Documented policiesg., privacy, data security
  • Checklistsg., onboarding and offboarding of personnel
  • Proceduresg., data breach plan, data cleansing, incident response
  • Trainingg., inductions, incident responsibilities, password controls, use of emails.
  • Security monitoringg., system controls, vulnerability testing, applications – local and cloud
  • Personnel monitoringg., permission and authority tables, recruitment checks.

Post Assessment: After the assessment, a written report is prepared which describes what was assessed, findings, an evaluation of risk, priorities, and opportunities for improvement.   These reports can develop your own improvement initiatives, or to define the scope of work for external experts, should you choose to engage them.

CYBER Products: Our Goal Group Partner products are world leading in their demonstrated effectiveness to increase cyber resilience of organisations. Learn More