Bonboo Cyber Security Services
Frequently Asked Questions (FAQs)
Clarity on security, compliance, and achieving defensible outcomes
Q: What is DISP and why does it matter?
A: The Defence Industry Security Program (DISP) is the Australian Government framework required for organisations working with Defence or within the Defence supply chain. It ensures businesses can protect sensitive government information and assets across four key areas:
1. Governance
2. Personnel security
3. Physical security
4. Cyber security
For many contracts, DISP is no longer optional. It is a prerequisite to win or retain Defence work.
Q: What makes Bonboo different from other providers?
A: Bonboo has been in your position.
As a DISP Level 3 Member, we understand both the requirements and the realities of achieving and maintaining compliance.
Our capabilities include:
- Defence-aligned expertise, with all Bonboo personnel holding AGSVA security clearances
- Independent advice with no product sales bias
- A structured methodology backed by CyberAssess
- Practical, achievable recommendations, not theoretical frameworks
- Local presence in the Newcastle–Sydney Defence corridor
We focus on what actually gets you to DISP-ready and defensible, not just compliant on paper.
Q: What stage of the process should we engage Bonboo?
A: Bonboo supports organisations at every stage:
- Early-stage: “We want to support Defence”
- Mid-stage: Gap assessment and uplift planning
- Late-stage: Preparing or submitting a DISP application
- Ongoing: Maintaining and improving maturity post-membership
If you are unsure where you sit, we start with a short discovery discussion.
Q: What are the cyber security requirements for DISP?
A: DISP now requires organisations to meet the Australian Signals Directorate Essential Eight at Maturity Level 2 (ML2) as a minimum baseline. This means implementing and maintaining a set of controls designed to protect against targeted cyber threats, not just basic risks.
We help you:
- Assess your current maturity
- Identify gaps
- Build a practical uplift plan
- Progress to audit-ready
- Maintain compliance and ensure organisational security.
Q: Do you implement the controls as well?
A: Bonboo provides advisory-led support, including guiding and assisting implementation.
Where appropriate, Bonboo will:
- Work alongside your internal team
- Coordinate with IT or managed service providers
- Provide oversight to ensure controls are correctly implemented
Our role is to ensure the outcome meets DISP expectations, not just technical completion.
Q: Do you offer ongoing support after DISP readiness?
A: Yes. DISP is not a one-time activity.
Bonboo provides ongoing support to help you:
- Maintain compliance
- Prepare for audits and reviews
- Continue improving your security posture
- Respond to changing Defence requirements
This includes quarterly reviews, maturity uplift, and scenario exercises.
Q: How do we get started?
A: Start with a short, no-obligation discovery call.
We will:
- Understand your goals
- Assess your current position
- Recommend a clear next step
Q: Who do you typically work with?
A: There is no single “typical” client. We support organisations across a range of sizes and stages, including:
- Defence supply chain SMEs
- Newly established companies preparing to enter Defence (3–20 staff)
- Established and growing businesses (20–200 staff)
- Large organisations operating in regulated or sensitive sectors
Q: What is CyberAssess?
A: CyberAssess is a Bonboo internal assessment platform that underpins all engagements.
It ensures:
- Consistent, repeatable methodology
- Clear, unbiased reporting outputs
- Faster and more reliable assessments
This allows us to deliver structured, high-quality results every time.
Q: Can Bonboo support only part of our DISP requirements?
A: Yes. Bonboo’s approach is flexible. We can support organisations across all four DISP security domains, or provide targeted uplift in specific areas where gaps exist.
Q: What if we already have strong cyber security in place?
A: If your organisation already has established cyber capability or certification, we can focus on strengthening the remaining domains such as governance, personnel, or physical security to help you meet full DISP requirements.
Q: Do you support companies and organisations outside of the Defence Industry?
A: Absolutely. While Bonboo specialises in DISP and the Defence sector, our expertise applies broadly across industries with high security and compliance requirements.
Our mastery of established cyber security frameworks, including Essential Eight (E8), Information Security Manual (ISM), and NIST Cyber Security Framework (NIST CSF), allows us to uplift and mature security across a wide range of environments.
Bonboo works with organisations such as:
- Mining and resources companies.
- Airports and aviation operators.
- Critical infrastructure providers.
- Large commercial enterprises.
- Professional services and regulated industries.
These frameworks are globally recognised and adaptable, meaning we can bring the same structured, defensible approach used in Defence to any organisation seeking to improve security maturity and resilience.
Q: Do you only provide cyber security services?
A: No. While cyber security is a core focus, Bonboo provides expertise across all four DISP domains:
- Governance — Policies, risk management, compliance frameworks
- Personnel Security — Clearances, insider risk, workforce practices
- Physical Security — Facilities, access controls, asset protection
- Cyber Security — Essential Eight, ISM alignment, technical controls
Our team brings multi-domain Defence experience, meaning we understand how these areas integrate in real environments, not just in theory.
Q: How long does it take to become DISP ready?
A: It depends on your current maturity and target level.
Typical timelines:
- Small uplift: 2–4 months
- Moderate uplift: 3–6 months
- Full uplift (structured program): 6–12 months
Our focus is to provide a clear, prioritised roadmap so time and investment are controlled.
Q: Do we need all four security domains even if we are a small business?
A: Yes. All four domains apply, regardless of organisation size. However, the depth and complexity scale with your risk profile and DISP level. Bonboo are experts in all four domains, and we tailor the approach so smaller organisations meet requirements without unnecessary overhead.
Q: Can you help with the DISP application itself?
A: Yes, of course! We support the full pathway, including:
- Gap assessments
- Documentation and policy development
- Evidence preparation
- Application guidance and submission readiness
- Uplift activities where required
We ensure your submission is credible, complete, and defensible.
Q: Does Bonboo provide DISP membership?
A: No. DISP membership is granted solely by the Australian Government. No private company, including Bonboo, can provide or issue DISP membership.
What Bonboo does provide is expert guidance and end-to-end support throughout the entire process.
We help your organisation:
- Understand DISP requirements across all four security domains
- Assess current maturity and identify gaps
- Develop the required policies, documentation, and evidence
- Implement and validate necessary controls
- Prepare a credible, defensible application
- Represent and position your organisation appropriately throughout the process
Our role is to ensure you are fully prepared, aligned, and submission-ready so that your application meets Defence expectations and stands up to scrutiny.
Q: Can Bonboo support us end-to-end?
A: Absolutely. We can support your organisation from early-stage readiness through to full DISP alignment, or engage at any point along the journey depending on your needs.
Q: How long does it take to become DISP ready?
A: Timelines vary depending on your organisation’s current level of maturity. Bonboo works with you to assess your starting point and develop a practical, staged roadmap, helping accelerate progress while ensuring all requirements are met efficiently.
Still unsure?
If you’re considering Defence work and want to better understand your requirements, Bonboo can provide clear, practical guidance from the outset. Contact us for a no-cost initial discovery session.