mobile website builder

What I do

I enable my clients to benefit from taking a more scientific, analytical approach to managing their security risks.

For many years, managing security risk has revolved around the use of Best Practices. Best Practices work, but only up to a point. They are generic and always need to be customised. You are required to implement a large number of controls without any recognition of which controls are critical and which secondary. They are slow to respond to changes in the threat environment and technology practices, and their benefits are hard to quantify.

A scientific, analytical approach, on the other hand, creates a firm foundation for understanding and managing security risk.

We couldn’t run a modern health service without the aid of medical science.


Or build a modern bridge without the aid of structural engineering tools.
And we don't have to continue trying to protect technology-intensive businesses using only non-scientific security practices.

Scientific analytical methods enable us to build the practices and tools a modern security function requires.

  • It enables us to measure threats, not just in terms of how prevalent they are but in terms of their ability to create security risk.
  • It enables us to calculate the effectiveness of security controls, putting meaningful absolute numbers to how good a control is at reducing risk rather than just measuring the extent to which it has been implemented.
  • It enables us to calculate RoIs for security controls, quantifying how much risk reduction a desired control improvement will bring.
  • And it enables companies to manage security risks using the same type of cost-benefit analyses they use to manage other types of business risk – something business leaders have wanted to be able to do for a long time.

I have grouped the sorts of things I do into the three sections below. However, these are only overviews so if there is help you need and you are unclear from these descriptions if I can provide that help, please get in touch and we can discuss.

  • MODELLING AND ANALYSIS - elementary modelling through to sophisticated statistical analysis.  More ...
  • RISK METRICS - measuring the risk dynamics taking place across your environment to gain meaningful insights and actionable results.  More ...

© Copyright 2017 - 2018 JLIS Ltd - All Rights Reserved