Benefits:

  • A clear picture of the threats, vulnerabilities, and consequences of security decisions from recognized outside experts supports your security program.
  • The cross-fertilization of security techniques and concepts helps your team stay up-to-date on the specifics they need to do their job with a level of confidentiality that cannot be gained in outside training.
  • Our reports and executive briefings help top-level decision-makers understand your needs and develop internal consensus among the key stakeholders in your organization.

    • Independent expert assessment provides an objective view of your situation and supports your efforts like no other method can.

    Areas of Coverage:

  • Protection Management
  • Protection Policy
  • Standards and Procedures
  • Technical Safeguards
  • Protection Audit
  • Documentation
  • Incident Response
  • Protection Testing
  • Physical Protection
  • Personnel issues
  • Legal Considerations
  • Protection Awareness
  • Training and Education
  • Organizational Issues

    • Our unique perspectives put security issues into a form that makes sense to the organization.

    Our Approach:

  • Identify threats to your organization and vulnerabilities that have been or might be exploited by those threats.
  • Understand the business consequences of the identified threats exploiting the identified vulnerabilities.
  • Learn about your organization's security approach, corporate culture, and capabilities.
  • Assess your overall situation, relate it to industry norms, and help build internal concensus on the current situation.
  • Identify ways to mitigate high consequence events that will fit well within your corporate environment.
  • Present results in a way that helps your organization make needed changes with the minimum of friction.

    • Our security assessments support your security improvements.

    The Price of Success:

    Top-Level Rapid Assessments

    This type of assessment costs $24,000, is accomplished in less than one month, and produces an executive-level briefing and supporting documentation covering the overall information security situation from an organizational perspective. It indicates how the organization would likely perform in a more thorough BS7799 or GASSP audit, provides information on possible paths to improved protection where such improvements are indicated, and results in an executive briefing suitable to top decision-makers. The resulting report indicates both what was found and what it means in the context of the organization. This assessment is performed by a select group of highly experienced security experts whose opinions are valued by top executives and the technical community alike.

    In-Depth Assessments

    This type of assessment costs anywhere from $65,000 to $150,000 depending on the desired level of detail and breadth of coverage. It typically takes place over a 3 month period and involves an on-site project manager who coordinates the activities of a group of specialists who examine select high-valued systems in depth. Each specialist produces an independent report that includes specific details on improvements to be made. For improvements involving nominal levels of effort, the specialists assist your personnel in implementing changes while they are on site. For more complex changes, expected costs and delivery schedules are provided. The independent reports are rolled up into a summary report by the project manager and form a comprehensive assessment of the key security issues affecting high-valued systems.

    For more information, contact fred at all.net