Process development
What it is:
We don’t just design world-class program strategies; we have built and operated them. We use the insights from this end-to-end experience to help you develop processes that focus your resources on the most critical risks. Designing processes that meet your organizational needs while scaling with growth and change is complex. We have proven methodologies to help you develop or improve strategies that will enable your team and business to be more efficient.
What to expect:
- Sustainable processes that mature and scale with your organization
- Certified experienced process development and change management expertise (Lean Six Sigma, PROSCI, ITIL)
- Cross functional experience (business, IT, cybersecurity, legal, privacy) that maintains sight of the big picture
Security architecture
What it is:
We work with you to develop an operations plan that ensures you’re layering security throughout the business while getting the best return on investment. We provide support for RFPs and other procurement processes (we don’t maintain extensive vendor referral agreements, and the very few we have are disclosed in all cases). We help you cut through the buzzwords to help you build support for critical initiatives without defaulting to fear, uncertainty, or doubt.
What to expect:
- Actionable plan on what tool(s) to use when and how to deploy
- Unbiased RFP (request for proposal) process and procurement support
- Business case support
- Rationalization of your technology stack (often resulting in cost savings you can apply towards more critical cybersecurity needs)
- Bespoke solutions for unique challenges such as industrial manufacturing or device security
Threat intelligence
What it is:
We can help you develop a real-time threat intelligence program, processes, and capabilities necessary to use various sources of publicly and privately available threat feeds and analysis to anticipate attacks and trends that may impact your business.
What to expect:
- Risk-based analysis and recommendations of threat feeds, services and capabilities to equip your team with the right levels of external insights that are action oriented with minimal noise
- Process development and training to equip your team with the right tools and knowledge to execute (or outsource) threat intelligence
Vulnerability risk management (VRM)
What it is:
We can help you build a vulnerability risk management program, process, and governance to ensure your organization proactively identifies technical vulnerabilities and directs appropriate risk-based mitigation against them.
What to expect:
- Analysis of your current state with prioritized recommendations for improvement
- Development of tactical, strategic, and governing processes to make VRM successful within your organization
- Analysis and selection of the right tool sets to support your program and scale to your needs
Information classification
What it is:
Information/data classification ensures everyone knows the sensitivity of the information they are creating, using, or storing; and knows how to handle it according to the sensitivity. If they don’t, they are left either treating everything like “crown jewels” (taking up precious time and resources) or not taking the care they should to protect it. We will help you have the right business conversations to determine what is truly important to your business and develop a framework that strikes the right balance of effort based on what’s most important.
What to expect:
- Actionable and appropriate classification framework reinforces clear actions and accountability for your entire workforce
- Identification of your most critical “crown jewels” that enable you to prioritize and focus your efforts vs. attempting to “boil the ocean”
- Training and organizational change management to ensure appropriate adoption of the practices (a read and sign policy almost never works)
- Planning and architectural analysis of enabling tools like tagging technology and DLP (data loss prevention)
IS workforce awareness, behavior, and culture change
What it is:
To change behaviors and realize risk reduction, you need stakeholder support and a strong message that will resonate with all employees. We will align your campaign delivery and tactics to your top business risks and company culture. Our creative interventions and powerful storytelling will drive interest and sustainable action with unique content at the necessary frequency.
What to expect:
We will work closely with you and your stakeholders to creatively execute the change management and communications plan over the course of the project and beyond. Deliverables could include:
- Leader messages
- Champions program and toolkit
- Live action or animated video
- Facility signage and displays
- Interactive training and gamification
- Live events and speakers
- Cyber Security Awareness Month campaign and activities
- Quarterly campaigns
- Intranet resource site development
- Intranet site articles, blogs and social posts
- Custom and engaging resources unique to your organization
Executive advisory
What it is:
Get control of turnover, culture, and organizational change with executive advisory. We have been in your shoes and can help you advance your organization while growing your skills and capabilities.
What to expect:
- Fortune 200 experienced executive resources
- Independent strategic advisory and coaching
- Proven outcomes of many successful engagements with CIOs and CISOs
