design your own website
  • MODELLING AND ANALYSIS - elementary modelling through to sophisticated statistical analysis.

What I bring to the table is a rare, if not unique, ability to take a scientific, analytical approach to Cyber Security matters. I enable my clients to get objective, quantified insights into the components that contribute to their security risk so they can manage those risks in a more informed and confident manner. I develop bespoke solutions customised to the individual client and their particular need. On this page I give a brief indication of the sorts of analytical tools I have developed for clients. You can download a more expansive description here.


THREATS: I build threat maps that give you the ability to identify a wide range of possible security threats, rate each one according to its potential to cause harm within your technical environment, and identify which threats are the ones you need to focus on first. 

This gives you a transparent way to get your technical subject matter experts working together to agree your top threats. Then, as your threat environment changes, which it will do all the time, you'll update your model and that will automatically refresh your list of top threats.

BUSINESS RISKS: I build Value-at-Risk calculators and business risk maps that give you the ability to map and show the pathways by which security breaches affect your business operations and cause you business harm.


I help you assess each pathway in a way that exposes its significance for your business systems and operations. Then you can identify from the map which security breaches have the potential or tendency to cause your business the most harm, and how much harm they could cause. This will help you and your company’s business leaders agree what the Information Security function’s protection priorities should be. And it makes it easier for business leaders to see what they get in return for the support they give to you and your security team.


RISK POSTURE: I build risk posture models that give you the ability to assess the technical and non-technical controls protecting your business-critical systems against a wide range of threats. You can then develop a dashboard view of each system's risk posture.

The controls can be your internal security policies and standards, a recognised external standard such as ISO/IEC 27001 or the CSA’s CCM, or your technical and non-technical internal controls relating to GDPR. Each system’s risk posture can be positioned against your business’ stated risk appetites so all can see immediately whether that system’s risk posture is acceptable or not. Action plans can be devised and the effect of each plan on the risk posture calculated in advance so you can decide on the plan that will bring the system into acceptable compliance most cost-effectively. Multiple systems can be shown on the same display to show top management the company’s overall risk posture and to ensure top management attention gets directed to where it is most needed.

If you would like a more expansive description of the sorts of analytical tools I have developed for clients, you can download it here

If you would like to make the way threats and controls operate within your company more transparent, then do get in touch. Email me at or call 07734 311567 (+44 7734 311567).

© Copyright 2017 - 2018 JLIS Ltd - All Rights Reserved