How a Commonwealth Revenue Authority Built Australia’s First Integrated Enterprise Security Strategy

Location: Canberra, ACT
Services: PSPF SRA

The first-of-kind Enterprise Threat and Security Risk Assessment framework for a major Commonwealth agency — delivering executive-ready performance metrics, maturity modelling, and a roadmap for sustained PSPF alignment.

THE CHALLENGE

A major Commonwealth revenue authority needed to move beyond siloed security functions and build a coherent, enterprise-wide security posture. With obligations under the Protective Security Policy Framework (PSPF) and exposure to a broad threat environment, the agency lacked an integrated framework capable of measuring, reporting and improving security performance across the organisation. Ad hoc approaches to security risk assessment were failing to satisfy executive accountability requirements.

OUR APPROACH

Agilient delivered a comprehensive Enterprise Security Strategy and Threat Assessment Capability Framework, conducting structured stakeholder workshops with both executive leadership and operational security teams. Working to ISO 31000 and the PSPF, we developed a security maturity model with measurable performance metrics that could be reported to the executive level. We proposed a first-of-kind Enterprise Threat and Security Risk Assessment (ETSRA) as the logical next step, establishing a deep advisory partnership with the agency’s security function over the engagement lifecycle.

THE OUTCOME

  • Delivered Australia’s first integrated enterprise security strategy and capability framework for a Commonwealth revenue authority
  • Produced a fully costed maturity model with executive-ready performance metrics aligned to PSPF requirements
  • Proposed and scoped the ETSRA as the agency’s next strategic security investment, providing a clear implementation roadmap