A Cybersecurity Assessment provides an informative point-in-time review of an organisation's Cybersecurity environment. We use analysis tools, policy and compliance review and staff interviews to build a structured report. This is a highly specialised Cybersecurity consulting piece and provides an organisation with the information to make an informed assessment of the potential risks, along with recommendations to mitigate those risks. Our Cybersecurity team are experienced not only in the technical aspects, but also in the management, governance and compliance aspects of IT.
Overview
The Mercury IT Cybersecurity assessment reviews the current cybersecurity posture by looking at:
- Policies
- Systems configuration
Mercury IT will assess your policies with a specific focus on the cybersecurity threat landscape to ensure they meet the baseline requirements set by your business or by Mercury IT.
Mercury IT will assess your network systems for baseline security against well-known industry best practices such as ISO 27001, NIST and ASD Strategies to Mitigate Cybersecurity Incidents.
Policy Review
Mercury IT will interview the business policy owners about what policies are in place, what requirements exist and whether any future projects are planned. Existing policies will be assessed with a focus on cyber risk and on whether they meet the baseline requirements for the business. Mercury IT will recommend any policy changes and any new policies that need to be introduced to mitigate cybersecurity risks.
Systems Configuration Review
Mercury IT will review existing systems configuration against best practice as defined by the scope agreed between the business and Mercury IT. The scope often covers Microsoft servers such as AD, File and Print and mail, and network equipment such as firewalls, routers and switches.
FAQs
A cybersecurity assessment is a systematic review to identify, evaluate, and prioritise the cyber risks facing your organisation. It provides a snapshot of your current security posture that answers critical questions: Where are your most valuable assets? What are your biggest threats? Are your current defences adequate? What gaps need immediate attention? Mercury IT conducts assessments aligned to frameworks like Essential Eight and ISO 27001, providing actionable insights rather than generic checklists.
These three assessments serve different purposes and provide different insights. A risk assessment is a high-level strategic review of what your risks are and their potential business impact—for example, identifying that your customer database faces high risk of breach. A vulnerability assessment is a technical scan that finds specific weaknesses in your systems—such as identifying missing critical patches. A penetration test is a simulated attack where an ethical hacker actively attempts to exploit those vulnerabilities to determine if they can actually breach your defences. Mercury IT provides all three assessment types.
Mercury IT's assessment process begins with scoping—understanding your critical assets, business objectives, and compliance requirements. We then conduct identification of threats and vulnerabilities through technical scanning, configuration review, and policy analysis. Next is analysis and prioritisation, calculating the likelihood and impact of each risk in business terms. We conclude by delivering a comprehensive report with a prioritised, actionable roadmap for remediation, including effort and cost estimates for each recommendation.
Your business, technology, and the threat landscape change constantly. The ACSC responded to over 1,200 cyber security incidents in 2024-25, an 11% increase from the prior year. New vulnerabilities are discovered daily in the software you rely on—the ACSC proactively notified entities of potential malicious activity more than 1,700 times last year, an 83% increase. Regular assessments—typically annually or after significant business changes—keep your risk profile current and ensure your security investments remain effective against current threats.
The most valuable outcome is a prioritised action plan that guides your security investment decisions. Rather than an overwhelming list of problems, Mercury IT delivers a clear, business-focused roadmap that identifies what to fix first, second, and third based on risk and cost-effectiveness. This enables informed, budget-conscious decisions that maximise your risk reduction. The assessment also provides baseline documentation for compliance, insurance applications, and demonstrating due diligence to stakeholders.
Our assessment process begins with a scoping call to understand your business, critical assets, compliance requirements, and concerns. We then conduct technical vulnerability scanning, configuration reviews against Essential Eight controls, and policy and procedure analysis. Within two weeks, you receive a prioritised report with specific recommendations ranked by risk severity and implementation cost. We then present findings to your leadership team in business terms and provide a clear roadmap for remediation with ongoing support options.
Yes. Mercury IT has assessors who have completed the official Essential Eight Assessment Course designed by the Australian Signals Directorate's Australian Cyber Security Centre and delivered by TAFEcyber. This course enables our assessors to understand and apply the Essential Eight Assessment Guidance Package and the Essential Eight Maturity Model accurately and effectively. We assess your current maturity level across all eight controls and provide a detailed roadmap to achieve your target maturity level, whether that's Maturity Level 1, 2, or 3.