Cybersecurity Resources
Practical tools and templates to support your cybersecurity program. Developed from real-world engagements with Australian Government agencies, defence industry organisations, and critical infrastructure operators.
All resources reflect current Australian Government security frameworks including the ISM, PSPF, and Essential Eight.
Essential Eight Maturity Calculator
Free interactive self-assessment tool. Answer 32 questions and get an indicative maturity level across all eight strategies -- right in your browser, no registration required.
Free Downloads
Templates, checklists, and guides ready to use. Some resources require a business email address for the full version.
IRAP Assessment Preparation Checklist
Prepare your organisation for a smooth IRAP assessment. Walks you through everything you need to have in place before your assessor arrives, reducing delays and ensuring a productive engagement.
Who it's for
IT managers, security teams, and compliance officers preparing for their first or next IRAP assessment.
What's included
- Pre-assessment documentation requirements (SSP, SOPs, network diagrams)
- Stakeholder preparation guide
- Evidence collection framework aligned to ISM controls
- Common pitfalls and how to avoid them
- Timeline template for 90-day, 60-day, and 30-day milestones
Essential Eight Self-Assessment Template
Benchmark your Essential Eight maturity in a structured spreadsheet. Maps each strategy against ISM control requirements for Maturity Levels 1, 2, and 3.
Who it's for
CISOs, IT security managers, and consultants performing internal Essential Eight assessments.
What's included
- Control-by-control assessment worksheet for all eight strategies
- Current state vs target state comparison
- Automated maturity level calculation per strategy
- Remediation action tracking with priority and owner fields
- Executive summary template for board reporting
DISP Readiness Checklist
Assess your readiness for Defence Industry Security Program membership. Covers the four security streams -- governance, personnel, physical, and information/cyber.
Who it's for
Defence industry suppliers, subcontractors, and organisations seeking DISP membership.
What's included
- Requirements overview for each DISP membership level
- Self-assessment against the four security streams
- Documentation checklist (policies, procedures, plans)
- Personnel security obligations summary
- Common application issues and how to resolve them
Security Incident Response Plan Template
A ready-to-customise incident response plan based on the ISM, NIST, and SANS frameworks. Provides a comprehensive structure for your organisation's security incident response plan.
Who it's for
Organisations without a formal incident response plan, or those updating an outdated plan.
What's included
- Incident classification and severity matrix
- Roles and responsibilities (incident commander, technical lead, communications)
- Detection, containment, eradication, and recovery procedures
- Communication templates including government reporting
- Playbooks for common incident types (ransomware, data breach, phishing)
Cloud Security Assessment Checklist
Evaluate the security posture of your cloud environment. Covers essential security controls for AWS, Azure, and Google Cloud aligned with ISM cloud computing controls.
Who it's for
Cloud architects, IT security teams, and organisations migrating workloads to the cloud.
What's included
- Identity and access management controls
- Network security and segmentation checks
- Data protection and encryption requirements
- Logging, monitoring, and alerting configuration
- Shared responsibility model clarification
- Multi-cloud considerations
Board Cybersecurity Reporting Template
Communicate cyber risk to your board in language they understand. Translate technical cybersecurity metrics into board-level reporting.
Who it's for
CISOs, IT directors, and security managers who report to boards or executive leadership.
What's included
- Board presentation template with speaker notes
- Key metrics and KPIs for board-level reporting
- Risk heat map template
- Maturity trend visualisation guidance
- Investment case framework for security initiatives
- Alignment to AICD cyber governance principles
PSPF Compliance Guide
A practical guide to the Protective Security Policy Framework for Australian Government entities and contractors. Distils the framework into actionable requirements.
Who it's for
Security advisers, compliance teams, and contractors working with Australian Government entities.
What's included
- Overview of PSPF structure and mandatory requirements
- Maturity self-assessment against each PSPF policy
- Gap analysis template
- Implementation priority guidance
- Relationship mapping between PSPF, ISM, and Essential Eight
Vendor Security Assessment Questionnaire
Evaluate the security posture of your third-party suppliers and vendors. Helps you assess security practices before onboarding or during periodic reviews.
Who it's for
Procurement teams, IT security teams, and contract managers responsible for third-party risk.
What's included
- 60+ security assessment questions across 10 domains
- Scoring rubric for vendor risk rating
- Domains: governance, access management, data protection, incident response, and more
- Response evaluation guidance
- Vendor risk register template
SOCI/CIRMP Compliance Checklist
Navigate your obligations under the Security of Critical Infrastructure Act 2018. Determine if the Act applies to your organisation and what you need to do.
Who it's for
Responsible entities and operators of critical infrastructure assets across the 11 defined sectors.
What's included
- Applicability assessment (does SOCI apply to you?)
- CIRMP requirements checklist by hazard type
- Annual reporting requirements summary
- Government assistance measures overview
- Sector-specific guidance notes
Security Awareness Training Outline
Build an effective security awareness program for your organisation. A comprehensive outline for training that engages staff and measurably reduces human-factor risk.
Who it's for
HR teams, IT managers, and security teams responsible for staff training and security culture.
What's included
- 12-month training program outline with monthly themes
- Module descriptions for core topics (phishing, social engineering, data handling)
- Delivery format recommendations (e-learning, workshops, simulations)
- Phishing simulation program design
- Metrics and measurement framework
- Compliance mapping (PSPF, ISM, SOCI)
Need Something More Tailored?
Our downloadable resources provide a strong starting point, but every organisation is different.