
Risk Management

Risk management is the foundation of all security implementation. It is also an excellent way for an organisation to test the maturity of its security arrangements and policies.

InPhySec can help you with:

  • Risk policy and procedure development
  • Risk identification
  • Risk evaluation
  • Risk treatment/mitigation plans/strategies
  • Threat Assessments

    With the growing frequency of cyber attacks, a well-considered and accurate threat assessment is essential to understanding and responding properly to risk. A threat assessment uses a layered approach to analyse an organisation's overall risk profile by assessing security vulnerabilities at the network, business process and people levels. This is combined with current information on security threats to create an intelligence picture. A threat assessment allows you to better understand what you need to defend against and can help in resource allocation and budgeting.

Certification and Accreditation (C&A)

InPhySec can help with all aspects of C&A from policy and process through to production of C&A packages. Specifically, InPhySec can:

  • Ensure C&A is captured in your business processes in accordance with the PSR and NZISM, if you need to comply with these requirements
  • Provide advice throughout a system life-cycle to make C&A easier
  • Conduct an independent audit of systems for the purposes of certification
  • Produce an entire document set needed for the Accreditation Authority to sign off
  • Advise on the use of certified Common Capabilities and how to incorporate this into your C&A activities

InPhySec works to both international and New Zealand Government security standards, including but not limited to:

  • ISO27001
  • PSR

InPhySec can also advise a business that is using its own resources to develop security policy but needs help with the writing and alignment to external security standards. This service is often cost effective for small businesses.

Protective Security Requirements (PSR)

InPhySec can help public sector agencies to complete their annual protective security self-assessment. Furthermore, InPhySec can help agencies to comply with PSR requirements and identify activities required to achieve target maturity levels.


CISO/ITSM Advice

This service taps into the capabilities and experience within our company to offer you highly-qualified, well-reasoned security advice at an executive level. This service is a cost-effective way for an organisation to access professional security advice for its existing CISO/ITSM, or a resource for the organisation when the CISO/ITSM is unavailable. Packages are tailored to your needs and can be as simple or as sophisticated as required.

Security Policy & Process Development

InPhySec can help assess and improve your security policies and processes. We specialise in bringing organisations up to international best practice, particularly for audit purposes. Our staff have a specialised understanding of the requirements of the government classified environment.

Our services include:

  • Security policy and procedure assessment and gap analysis
  • Business strategy
  • Security framework
  • Maturity assessments

Security Awareness

Security awareness training and planning is key to the ongoing security health of any organisation.

Our security awareness services include:

  • Policy and procedure development and implementation
  • Specialised security awareness training tailored to your organisation’s needs
  • One-off training exercises
  • Refresher security training – this can be one-off training or packaged for ongoing awareness training, which also satisfies audit requirements.

Board & Executive Services

We provide more than technical and policy services. Our significant experience in managing large organisations, combined with our wider security and intelligence background, means we offer a range of tailor-made strategic security services to boards, executive teams and senior managers.

These range from one-off cyber security awareness sessions, to coaching and consulting support for teams and individuals. We also offer high-level, genuinely strategic advice on the wider security, cyber and operating contexts that organisations face. We support this practice through regular engagement with professional industry bodies, to ensure our skills and knowledge are kept current. We would be happy to discuss your needs and formulate a package to help you to navigate the challenges, and seize the opportunities, of the digital economy.