I enable my clients to benefit from taking a more scientific, analytical approach to managing their security risks.
For many years, managing security risk has revolved around the use of Best Practices. Best Practices work, but only up to a point. They are generic and always need to be customised. You are required to implement a large number of controls without any recognition of which controls are critical and which secondary. They are slow to respond to changes in the threat environment and technology practices, and their benefits are hard to quantify.
A scientific, analytical approach, on the other hand, creates a firm foundation for understanding and managing security risk.
We couldn’t run a modern health service without the aid of medical science.
Or build a modern bridge without the aid of structural engineering tools.
And we don't have to continue trying to protect technology-intensive businesses using only non-scientific security practices.
Scientific analytical methods enable us to build the practices and tools a modern security function requires.
I have grouped the sorts of things I do into the three sections below. However, these are only overviews so if there is help you need and you are unclear from these descriptions if I can provide that help, please get in touch and we can discuss.