Information risk and security consulting
With more than three decades' professional experience under our belts, our expertise, competence and interests include:
Information risk management - identifying, evaluating and deciding how to treat risks to or involving information. While today most information exists in the form of computer data, we are just as concerned about risks to the knowledge and intellectual property held in people's heads, and to written and printed materials. We are particularly keen to help management teams tease out, and decide what to do about, the information risks with significant consequences for the organization - not just the scary cyber stuff, but a broader business perspective on potential impacts and opportunities.
Information security management
- there is a vast range of security controls available to mitigate information risks, each with its pros and cons. Again, IT security or cybersecurity controls are just part of the solution, supplemented, supported and often enabled by physical and administrative controls. If you honestly believe antivirus software is all you need to prevent malware, drop us a line quickly, before some miscreant exploits the gaping holes in your defenses.
Information risk and security governance
- management needs to keep on top of the organization's information risk and security management, as well as its policies, controls, procedures and so on. We can help design and implement appropriate governance arrangements that pass good-quality information in both directions: strategies, policies and directives flowing down through the organization from management, with suitable reports and metrics flowing back up in return.
Information risk and security management systems
- designing and implementing suitable arrangements for the corporate information security function, in organizations ranging from SMEs up to huge multinationals.
Information risk and security metrics
- aside from literally writing the book on this, we have been designing, developing, evaluating and using metrics since the 1980s. Let us help you figure out what needs to be measured, as well as how to measure it.
Strategy development - with a strong focus on both protecting and exploiting information for business purposes, we can help you plot and then navigate your way through the maze.
Policy development and customization - need something different in the area of information risk, security, governance and compliance-related policies? We will help map out and then build your policy suite, plus the associated procedures so that you can manage it yourselves in future. Unlike some of our peers, we are keen to work ourselves out of a job!
IT audit
- from installation and IT development project audits to ISO27k ISMS internal audits, we have done the lot. We have also assembled, directed and managed IT audit teams, developed IT audit methods, taught CISM classes and mentored junior IT auditors as they find their feet.
ISMS gap analysis, internal audits and certification readiness reviews
- for tightly-scoped assignments, clients want someone to turn up, do the business, report and leave, which is fine by us. We can also help you define, scope, specify, plan and budget for assignments, then identify, evaluate and supervise those doing the work, even if you are not entirely sure what you need right now.
Security awareness and training
- been there, done that! This has been our prime focus since 2003, but we have been doing it for far longer as an integral part of information security management. Ignore the human side of information risk and security at your peril!
Technical authoring and presentation - across all the areas noted here. We are well practiced at both writing and presenting on information risk and security topics for corporate audiences ranging from the shop floor to the boardroom. Need a business case or budget proposal for a certifiable ISMS? How about a help manual for an IT security system, or a set of security administration and incident response procedures?
Remote support - as a sounding board or source of new ideas, we offer honest, unbiased, discreet professional advice and guidance to CISOs, Information Security Managers, Information Risk Managers, Heads of Audit and the like, via email and telephone.
Interim management and mentoring
- need someone next week to pick up the pieces after your CISO, Information Security Manager, IT Audit Manager or IT Auditor has unexpectedly departed? After grabbing the reins and calming the horses, we will assist you to find, recruit and settle in a suitable permanent replacement.
Let's talk
If you have something in mind along these lines, get in touch to talk it through. Once we know what you are after, we can either prepare a formal proposal ourselves or put you in touch with professional contacts dotted around the globe, literally.