All.Net

Consulting Services Benefits:

Experience
Many years of practical experience in corporations of all sizes and sorts have helped to hone our skills and allow us to temper our knowledge with wisdom.

Expertise
Our in-depth technical knowledge and clear business understanding gives us the ability to provide solutions that work for your business.

Independence
Our independence from products, vendors, and your organizational issues provides us with a unique view that enables us act in your sole interest.

What our clients tell us:

Our business processes help facilitate orderly change over time.

We communicate effectively with both management and technologists.

We are direct, discrete, and very easy to work with.

Advocacy Programs

Benefits:

Timely assistance on the most difficult and complex information protection issues.
Help evaluating protection products, vendors, technologies, programs, and plans.
Help developing internal information protection programs.
Expert assistance available as needed.
Advocacy provides clients with on-demand independent information protection expertise.

Our Approach:

An initial corporate protection overview provides the context to properly address your needs.
On a regular basis, we brief and sit in on corporate security committee meetings.
As needed, we research and report on special topics and help address critical issues.
The advocacy program provides a key team member that would otherwise be missing.

Select Advocacy Examples:

Outside "member" of corporate security committees.

Due diligence on risk management decisions about information technology.

Help implementation teams make technology decisions for a new global protection initiative.

On-site assistance during product/vendor reviews.

Strategic planning for a global protection program.

Evaluation of expert witness testimony and computerized forensic evidence.

Help funding agencies assess areas to support.

Supplement in-house expertise during Internet expansion and network redesign process.

Protection Posture Assessment
An Initial Corporate Protection Overview

Basic Understanding:

Dependencies + Vulnerabilities + Threats = Risk
Risk - Suitable Mitigating Actions = Residual Risk

Dependencies:

How does the business operate?
What are the critical business functions?
How are they implemented?
What would happen if:
information was corrupted?
information became unavailable?
the wrong information was sent out?

The business implications of information protection failures.

Vulnerabilities:

What is implemented?
How is it operated?
What protection is in place?
Known vulnerabilities?
Actual incidents and what was done?
Suspected incidents and what was done?
Other concerns?

Weaknesses in technology, operations, personnel, structure, ...

Threats:

Insiders
Private detectives
Reporters
Consultants
Whistle blowers
Hackers
Crackers
Club initiates
Tiger teams
Competitors

Police
Government agencies
Infrastructure warriors
Nation States
Economic rivals
Military organizations
Information warriors
Nature
Maintenance people

Professional thieves
Hoodlums
Vandals
Activists
Crackers for hire
Deranged people
Organized crime
Drug cartels
Terrorists
Spies

Organizational Issues:

Protection management
Protection policy
Standards and procedures
Documentation
Personnel security

Technical safeguards
Protection audit
Incident response
Protection testing
Physical protection

Legal considerations
Protection awareness
Training
Education
Organizational suitability

Mitigation Strategies:

We use analytical tools to help develop a wide range of protection strategies that could work.
We combine our organizational knowledge with these strategies to develop strategies that can work within the client's environment and culture.
We work with the client to find the best strategy to meet their needs.
We help the client work within their organization to mitigate risks while minimizing business impact.

Risk mitigation strategies must be suited to the organization or they will ultimately fail.

Process and results:

We visit and learn about dependencies, vulnerabilities, and threats.
We come to understand what people do and how they do it.
We develop a high-level understanding and the context to address specific needs.
We indicate protection weaknesses and organizationally suitable mitigation strategies.
We produce a draft report on overall protection posture.
We work with the client toward a final report while we help to mitigate the most critical risks.
We provide ongoing assistance through our corporate advocacy program.
The client gets effective protection within the real constraints of the organization.

To contact us, send email to fred at all.net