Compliance is vastly over-rated when compared to actually attaining a security posture that meets risks with controls.
Vision: Acting as a trusted adviser over dozens of engagements, we have confirmed that, measured objectively, the effort needed to actually produce a solid cyber security posture amounts to only 10 percent additional effort compared to simply producing the appearance of 'compliance'.
Mission: Focus on IT governance and Information Technology deployment. Bring clarity of purpose to information security management. Introduce repeatable procedures through a defined framework to establish successful implementation and stable operations.
Specialization and Focus:
- Regulatory Exam Preparation and Support
- Assessment of cyber security posture
- Blockchain risk assessment
- Cyber security maturity assessment
- Governance assessment
- Process visualization
- Policy framework alignment audit
- Implementation practices (procedures)
- Review policy vs. deployment gaps assessment
- Implementation road-map
- Staff skills assessment & training plan
- Framework for monitoring detailed self-audit programs
- Gaps assessment and remediation
- Litigation Support
- Expert Witness Testimony
Typical Deliverables:
- Security Posture Development
- Business Continuity Management
- Technology Recovery Planning
- Business Recovery Planning
- Disaster Recovery Planning
- Crisis Management Planning
- Process Flow Diagrams
- Vulnerability Assessment Analysis
- Penetration Test Analysis
- Technology Gaps Tracking
- Cyber Security Program
- IT General Controls Program
- Compliance Reporting
- Risk Assessment by Business Unit
- Self-Audit Reporting
- Policy Development
Consulting Practice:
Deliver affordably priced information security services advising senior management and corporate boards. Exceed expectations and produce lasting improvement in cyber security implementation.
Regulatory / Frameworks:
OCC, FFIEC, GLBA, HIPAA, PCI, DOD
CIS, NIST
Typical engagements:
- On Call
- Defined Scope of Work
- Staff Augmentation
- Technology Transfer Instruction
Background: 40 years IS experience
Certifications (no longer maintained):
GSNA, CISSP, S+, MCSA, GISP
Our hats off to the professionals at SANS - you are our heroes.
Acknowledgments:
The deployment and validation road map provided by the Center for Internet Security, specifically their CIS 20 Controls download, is the central guide to our consulting practice. They have earned, and receive from us, full credit for the work. The road map makes projects to improve cyber security implementation much more effective.
Rants and Raves Below the Line: