The DMA Cyber Security Program is a program of work that organisations undertake to protect their information technology assets, intellectual property, and operational efficiency. Done well, it also enables business units to have access to detailed operational data to empower real-time decision making.
A cyber security program is made up of the following components, and most organisations have performed some or all of them.
- Risk Assessment – What are the key components being protected? What are the operational requirements? Where are the vulnerabilities? Is there traceability between the countermeasures we have taken and our business requirements across all business units? This detailed report provides vital information that sets up the strategy to implement an effective program of work to ensure the organisation does not appear on the front page of a newspaper for not having done enough of the right things to protect critical assets.
- Strategy & Governance – How do we deliver a program of work to address the vulnerabilities identified in the risk assessment report? Do we have appropriate projects, training, technology, policy and procedures in place that will ensure our protection? The strategy document details the projects required, in line with the vulnerabilities identified in the risk assessment or health check, to deliver an effective program.
- Architecture – What will the overall system look like? This typically takes the form of 3 practical diagrams that depict where we are now, where we are going and how we are going to get there. Using appropriate alignment to standards such as NERC, NIST, ISO/IEC 27001, ISA/IEC 62443 and SABSA, combined with our unique methodology and experience, we document the business requirements, the IT view, the architect's view, the builder's view and the component layer view to provide an architectural road map with full traceability to address the vulnerabilities documented in the risk assessment.
- Management Systems – The policies, procedures and operational documentation to ensure the architecture can be managed to deliver on expectations and to ensure redundancy and uniformity for staff across the organisation.
- Testing – Internal and external audits and compliance testing to ensure traceability of initiatives to appropriate standards & policy. This may include penetration testing where appropriate, regulatory compliance and best-practice conformity.
- Training – From situational awareness through to complex enterprise and control system security, our courses are delivered by experienced consultants who have both operational and security experience. Our courses are delivered in person, on site, at our facility or, for simple awareness courses, online. We have a recommended agenda; however, as the training program is modular, it can be delivered in accordance with your specific needs.
For more information or to arrange an obligation-free discussion, please email info@dmaust.com.au