What I can do for you

I help my clients adopt a more scientific, analytical approach to managing their security risks, and to benefit from doing so.

For many years, managing security risk has revolved around the use of Best Practices. Best Practices work, but only up to a point. They are generic and always need to be customised. They are slow to respond to changes in the threat environment and technology practices, and their benefits are hard to quantify.

A scientific, analytical approach, on the other hand, creates a much firmer foundation, not only for understanding security risk but for managing it too.

We couldn’t run a modern health service without the aid of medical science, or build a modern bridge without the aid of structural engineering tools. And we don't have to continue trying to protect technology-based businesses using only ungrounded security practices and methods.

A scientific, analytical approach enables us to build the more objective and more focussed practices and tools a modern security function requires.

  • It enables us to measure and prioritise threats, not just in terms of the number of attacks we see but in terms of the ability those attacks have to create security risk.
  • It enables us to calculate the effectiveness of security controls, putting objective absolute numbers to how good a control is at reducing the likelihood of attacks being successful or the harm successful attacks cause, rather than just measuring the extent to which the control has been implemented.
  • It enables us to show top management graphically the company's measured risk posture against their stated risk appetites and to drill down to see which control shortcomings are causing which targets to be missed.
  • It enables us to calculate the return on investment we can expect for a security control, and to quantify how much benefit a desired control improvement will bring.
  • And it enables companies to manage their security risks using the same type of cost-benefit analyses they use to manage other types of business risk – something business leaders have wanted to be able to do for a very long time.

I have grouped the ways I can help into the three sections below. I have tried to explain my core capabilities, and in each area give some ideas for how you could build on these to improve how you protect your assets against security threats. However, these are only a small number of examples, so if you have particular goals or needs and would like to know how I can be of help, please get in touch using the contact details at the top of this page.

  • MODELLING - elementary modelling through to sophisticated statistical analysis.
  • RISK METRICS - measuring the risk dynamics taking place across your environment to gain meaningful insights and actionable results.

© Copyright 2018 JLIS Ltd - All Rights Reserved