In each of our core areas of subject matter expertise, we've developed comprehensive assessment methods. Our assessments are supported by a variety tools and templates to collect observations, analyze them, develop recommendations, and build detailed roadmaps. We create clear action plans with defined success criteria so you can measure success as you start your journey.
We offer comprehensive security assessments as standalone consulting engagements, or embedded within a security architecture improvement project. Comprehensive assessments address culture, people, organization, policies, processes, procedures, and technologies.
We help our clients plan, implement, and govern their identity, security, and risk management architectures. Project deliverables can be aligned as necessary with API-first, cloud-first, hybrid cloud, BYOD, and SecDevOps requirements. They address process as well as technology to help organizations succeed at improving maturity in the target domains for optimal results.
We can provide a full set of policy review and policy development services. We craft new, targeted policies suited to our client's IT environment, business culture, governance style, security objectives, and maturity level. We can develop custom policies or work from a variety of industry templates to create and optimize top-level policies, standards, guidance, and procedures.
Responding to adverse events is a key capability of any security, privacy, or risk management program. We can help craft tailored incident response plans and facilitate table top exercises to practice and fine-tune related procedures.
We have developed a unique approach for addressing breach readiness, whether as a proactive planning effort, or as a retrospective forensic activity discovery of Indicators of Compromise (IoC) or an actual breach. Our approach combines failure mode analysis with unified kill chain analysis, control identification, risk assessment, and prioritization of remediation efforts and budget. The result is a set of recommendations and a detailed roadmap for addressing identified failures, and to improve communication with the board, leadership team, and regulators.