• MODELLING - elementary modelling through to sophisticated statistical analysis.

THREATS: I build threat models that give you the ability to identify a wide range of threats, rate each threat in a meaningful way that is specific to you and your environment, and extract from the model the top threats that warrant your closest attention. 

This gives you a transparent way to get your subject matter experts to work together to agree upon your top threats. Then, as your threat environment changes, you update the model and that automatically refreshes your list of top threats.

BUSINESS RISKS: I build business risk models that give you the ability to capture how security compromises affect your business systems to cause your business harm. 


You can assess each pathway in a way that reflects its significance for your business, and identify from the model the types of security compromise that can cause your business the most harm. This will help you and your company’s business leaders agree what the Information Security function’s priorities should be, and helps business leaders support the level of security resources you need to address their business risk concerns.


RISK POSTURE: I build risk posture models that give you the ability to assess business-critical systems against a wide range of technical and non-technical controls.

You can then develop a dashboard view of each system's risk posture.

The controls can be your internal policies and standards or a recognised external standard such as ISO/IEC 27001 or the CSA’s CCM. Each system’s risk posture can be positioned against your business’ stated risk appetites so all can see immediately whether that system’s risk posture is acceptable or not. Action plans can be devised and the effect of each plan on the risk posture calculated in advance so you can build the plan that will bring the system into acceptable compliance most cost-effectively. Multiple systems can be shown on the same display to show top management the company’s overall risk posture and ensure top management attention gets directed to where it is most needed.

© Copyright 2017 JLIS Ltd - All Rights Reserved