All my services are custom-designed to suit client requirements. The following examples illustrate the general kinds of assignments I have completed previously ... and I welcome novel challenges along these lines:

  • AI risk and security - identifying, evaluating and treating information risks associated with LLM and other AI-based systems, applications and processes, specifying, documenting and testing controls, providing expert content for expert systems.
     
  • Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (but NOT legal advice!).
     
  • Audit and assurance such as independent security strategy reviews; data centre & site/installation audits; software development project audits (whether on, teetering or patently off-the-rails); supplier assessments/audits; ISO 27001 pre-certification audit (readiness check, gap analysis) ...
     
  • Budgeting - assisting clients to prepare, negotiate, review and approve sensible budgets and investment proposals for risk, security and assurance-related operations, management, projects, initiatives etc.
     
  • Business continuity management - are your organisation’s arrangements adequate to get you through a major incident or disaster? Is that just wishful thinking, or do you know things will be OK, for sure?
     
  • Change - being a credible, independent, convincing agent of change, helping clients create and exploit business opportunities to change-for-the-better, developing pragmatic strategies and plans, promoting and guiding execution, measuring success.
     
  • CISO coaching and mentoring - a knowledgeable, trusted colleague lending you an ear and expert guidance based on decades of experience. Also for CIOs, CROs and CEOs needing guidance on information risk and security matters.
     
  • Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
     
  • Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
     
  • Information security controls assessment - which standards, requirements or guidance you’d like to be reviewed or audited against - Cyber Essentials, perhaps, or ISO/IEC 27001/27701, PCI DSS, HIPAA, CSA, your own corporate standards or those of your customers maybe - and to what extent or depth?
     
  • IT installation review - check your physical security arrangements, essential supplies, data centre access and so forth.
     
  • Interim management - a safe pair of hands to hold the reins, stabilise the situation and perhaps assist with the recruitment of a permanent replacement CISO or ISM, or cover for someone on maternity or sickness leave.
     
  • ISO27k consulting - achieve and maintain ISO/IEC 27001 certification with my guidance, from initial planning through implementation support, ISMS management reviews and internal audits, leading to continuous improvement and maturity.
     
  • ISO27k support tools - help to determine your requirements, then survey the market, evaluate, select and negotiate prices for the most appropriate tools/systems* for your organisation.
     
  • Policies and procedures - preparing pragmatic policies and procedures plus creative awareness and training content for staff, managers and professionals.
     
  • Post-incident reviews - dispassionately, competently and independently drawing out and evaluating relevant details, developing and elaborating on responses, providing forward-thinking management reports and initiating improvement activities.
     
  • Privacy impact assessments - need some help to review your privacy requirements and controls, dispassionately? Call me!
     
  • Product specifications and evaluations* - determining the quality and suitability of commercial goods and services in relation to objectives and requirements in the risk and security domain.
     
  • Professional services security - identifying, evaluating and treating information risks associated with the provision and acquisition of professional services such as accountancy, tax and legal advice, consulting ...
     
  • Proposals - researching, preparing and reviewing proposals for information risk and security-related functions, roles, products, systems, apps, projects, initiatives, mergers and acquisitions, changes, investments etc.
     
  • Research studies - in the general area of information risk and security.
     
  • Resilience engineering - establishing requirements, reviewing current capabilities, planning improvements and demonstrating genuine progress in areas such as resilient technology, people and infrastructure, plus the broader business and strategy aspects.
     
  • Risk and security strategy - developing, critiquing and contributing to strategies, approaches and plans relating to information and cyber risk and security.
     
  • Security maturity - benchmarking, i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, recommending and justifying improvements where appropriate.

  • Security metrics - developing measurement strategy and designing a suite of metrics to manage information risk and security systematically, effectively and efficiently; auditing, reviewing, evaluating and improving existing metrics. I literally wrote the book on PRAGMATIC security metrics in conjunction with my good friend and guru Krag Brotby.
     
  • Stress relief - need some help through a difficult, busy period, or to take a break for an actual holiday (not on-call)? Call me before it all gets too much.
     
  • Technical documentation - preparation and updating of readable documentation describing IT systems, services, software apps, processes etc., plus training materials, launch packs, technical support guides and more.
     
  • Custom services - call me for competent, independent guidance and honest, dispassionate advice. If you’re not entirely sure what you want, I can probably help you figure it out.
     

* I neither supply third-party products nor earn sales commission from suppliers, other than a minuscule commission on books and standards I wrote or recommend.

IsecT’s professional services

Copyright © IsecT Ltd. 2024