Buy Something!!!

Is Your Transaction Secure?

Software

Call for pricing (retail $365/y/user)
Price Details

Decider helps people or groups make better Decisions. It does this by allowing thoughts on an issue to be mapped and viewed in decisions and groups, allows them to be positioned relative to each other on different scales, and supports group processes to allow people with differing views to codify their views and work together to resolve them. Drill-Down

Call for pricing (versions ranging from $5000/y/user)

SecurityMetrics includes modules for mose of the most commonly used security standards, including ISO 27001 (ISMS), ISO 17799:2005, ISO 15489-1 (Data retention and disposition), SP-800-53 and 55 (NIST standards), and including our security metrics, governance, and other similar checklists and measurement approaches. Download a sample version here to test it out!

Call for pricing (versions ranging from $5000/y/user)

Policy Assistant Supports development of security policies based on a wide range of standards.

Call for pricing (retail $5000/y/user)

SecurityDecisions Security Decisions represents an approach to sound practices in information protection for companies of all sizes. It facilitates making and documenting many of the most important technical information security decisions an enterprise has to make. Download the 2007 version of the software here for testing purposes.

Call for pricing (retail $365/y/user)

Influence A Java-based application that analyzes business project political situations and advises on the use of influence tactics for participants in situations. Download the software (for personal use and professional testing only) and try it out. here. Get a license for your company by pressing the payment button at the left.

Call for pricing

Gamer A Java-based application that allows us to build training applications for security awareness and other related programs. This example shows some of the standard games we have deployed using the Gamer framework. We do custom training and awareness games and create awareness programs for enterprises on a custom basis. You can also license the underlying mechanisms and build your own internal training applications, good for download, complete with training on how to build your own scenarios. Enjoy... Download Demo The Gamer as delivered includes complete programming guide for building your own game-based training and testing materials licensed for unlimited internal use and a full version of Security Awareness Basics licensed for unlimited internal use as a built-in. For limited use, or custom scenario and test builds, contact one of our representatives.

Call for pricing

Maps A Java-based application that allows those who have to fulfill standards requirements see what related standards requirements, checklist items, and related material are available from other standards and the Chief Information Security Officer's ToolKit. The free download does the mapping, but because of licensing issues, we cannot include access to the ISO standards and other related content. That comes when you certify you have an ISO license and purchase the full package - which includes the books whose content is also included in the mapping. Download Demo

Security Awareness Programs

Price Details
Call forpricing

Standard Security Awareness Booklets: This offering provides 500 copies of our standard security awareness booklet at an outstanding price. This is ideal for an awareness program for 500 employees. The employer reviews the contents and provides an additional comment sheet or trains employees on the differences between the standard awareness program and their program. In most cases the program can be used as is. Table of Contents

Call for pricing

Semi-Custom Security Awareness Booklets: This offering provides 500 copies of a customized security awareness booklet for your enterprise. After your order is placed, a single copy is provided for your markup. After markup ,we generate a customized version and send it to you for approval. After approval, we manufacture and deliver 500 copies to you.

Call for pricing

Additional Semi-Custom Security Awareness Booklets: After the initial order, additional copies in quantity 500 can be ordered of your custom security awareness booklet

call for pricing

Executive Security Briefing: This is a customized executive level security briefing delivered to your executive team on a pre-arranged topic of specialization. It includes discussion of the topic to be briefed, a draft set of slides, a review process for vetting those slides, and a final presentation. Travel expenses additional.

call for pricing

Conference Keynote Address: This is a customized conference keynote address delivered to your conference on a pre-arranged topic of specialization. It includes discussion of the topic to be briefed, a draft set of slides, a review process for vetting those slides, and a final presentation. Travel expenses additional.

Security Workshops

Price Details
call for pricing

Risk Management Workshop: This workshop includes a 1-day on site meeting with enterprise decision makers and risk management specialists to create a top-level risk management approach for enterprise information protection that meets with the requirements of COSO and the Sarbanes Oxley Act. It includes a series of mini-briefings on specific issues and generates client decisions on each of those issues. After the on-site program, a report is generated and returned reviewing the decisions and their basis.

call for pricing

Security Metrics Workshop: This workshop includes a 1-day on site meeting with enterprise information security management to create a top-level set of decisions about what to measure in the information security program. Based on these decisions and existing intellectual property, a report defining which metrics to select and what goals to reach is generated and provided along with a detailed listing of the selected metrics.

Standardized Security Assessments

Price Details
call for pricing

Security Architecture Future Study: This study is a standardized review of key elements of enterprise security architecture following the Security Decisions approach. In this study, one security expert does a 2-day telephone meeting with 3-5 key enterprise security architects to lay out the future directions for your enterprise security architecture. A set of about 35 decisions are made during the two days on site and a write-up of those decisions is provided as a deliverable within 7 days of the conference call. Sample SOW

call for pricing

Optional Security Architecture RoadMap Add-on: This is an add-on to the security architecture future study that augments the study with a roadmap of how the enterprise can get from their current situation to the future state. During the future study additional information on the current security architecture is collected and a roadmap is generated as a second report to indicate how the enterprise can reasonably transition from the current state to the future state. If ordered without a future study, a future study will be used as a replacement for this ordered item. Sample SOW

call for pricing

Minimum Information Security Rapid Assessment: This is the minimum level information security rapid assessment offered by our teams. In this assessment a team of 2 people do an on-site visit for 2 days to review security issues within the enterprise. This includes a variety of small-scale tests of security issues with select systems, a vulnerability scan, and a variety of interviews. 14 days after the site visit is completed, a draft report of 20-35 pages is produced identifying the current security state and likely urgent, tactical and strategic changes required to meet reasonable and prudent security levels in reasonable time frames. Sample SOW

call for pricing

Full Information Security Rapid Assessment: This is the full level information security rapid assessment offered by our teams. This assessment augments the minimal rapid assessment with more comparison information including evaluation against security standards ISO177989, GAISP, and CMM-SEC, and a comparison to other comparable companies that have had similar studies performed. 14 days after the site visit is completed, a draft report of 35-70 pages is produced identifying the current security state and likely urgent, tactical and strategic changes required to meet reasonable and prudent security levels in reasonable time frames. Sample SOW

call for pricing

Information Protection Posture Assessment: This is a standard information protection posture assessment offered to major enterprises world wide. It includes a groups of experts visiting several sites over a 5-day period, focused penetration testing and in-depth interviews with scores of people, and a full-up report on the current situation with respect to information protection at the enterprise. Sample SOW

call for pricing

Optional IPPA Add-on: This is an add-on to the Information Protection Posture Assessment that provides comparisons to other comparable enterprises. Sample SOW

Standardized Studies

call for pricing

Long-Term Future Security Architecture Study: This study gathers together 5 or more experts on information security and your type of business for several days to generate ideas and discuss options for long-term (10-year) security vision and architecture for your organization. About 20-days after the end of the meeting, a set of initial presentation slides are provided for three options of the long-term future security architecture. The client then picks one to be detailed and we create in-depth final presentation slides within 10 days. Sample SOW

call for pricing

Policy Reconciliation Study: This study reconciles up to 25 client policies against ISO17799 or another specified and agreed policy framework to produce a reconciliation matrix and a by reference policy (a policy framework with elements identified from existing policies in that policy and copied over, inconsistencies identified). It is the best approach we have to generating a new standards-based policy that is consistent with existing policies. Sample SOW

Enterprise Security Architecture Development

call for pricing

ISO 17799:2005 Policy creation from scratch: This consists of initial interviews with the client to determine overall enterprise nature and parameters, followed by the creation of a complete set of information security policies following the ISO 17799:2005 standard, making proposed decisions for the client along the way and, after approval, creating the complete set of policies. Policies appear for the enterprise at the rate of about one per week for 12 weeks. Sample SOW

call for pricing

ISO 17799:2005 Control Standards from Policies: This consists of taking a previously written ISO17799:2005 based policy set and creating a set of control standards that turn the policy into acitonable process for the enterprise at a level adequate for action, but without specific details for each type of system or procedures for specific situations. Sample SOW

call for pricing

Risk management program development: This consists of creating a risk assessment and decision process based on client needs, creating forms, processes, developing databases and analytical frameworks, doing initial risk assessment education and training with staff including a limited number of live internal assessments and decisions in which internal assessment team members work with our team to get the processes and forms wrung out and fully implemented, tranistion to internal risk management processes, and external verification over time as needed. More details Sample SOW

White Glove

Price Details
Call for pricing

White Glove - 100 Pack: This is a 100 pack of the White Gloive bootable Linux CD used for performing maintenance, emergency recovery, and other similar operations. For more details on White Glove, Click Here

Terms and Conditions: All orders are FOB our shipping point, payment due before shipment. 60 day limited warranty for parts and labor. Prices exclusive of tax and customs fees. All orders are final. Typical delivery 15 days from order, however, due to supply and delivery limitations and seasonal variations, 45 day maximum delivery times are sometimes in effect. Payment by check, money order, or credit card. No COD. Technical support via email and web. Prices, delivery, components, and capacities subject to change without notice. We reserve the right, at our sole discretion, to upgrade any purchase to a more expensive CD that has at least all of the features ordered, at no additional cost to the purchaser.

Purchase orders: We do accept purchase orders, however, there is an additional fee of $50 for processing purchase orders, regardless of their size. All purchases via purchase order (other than US Government Purchases for large dollar amounts that are handled separately) must result in pre-payment before we will process the order. You send the PO, we send an invoice, you send a check, we send the goods. Pre-payment of the purchase order fee via credit card is strongly encouraged.

Policy: Any circumvention of purchasing procedures - for example by changing prices on items or using forged entries to the credit card provider - will be treated as if the charged amount are consulting fees for our efforts in clearing up the issue. We appreciate your donation.