Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
ISO27k consulting - adapt and adopt the good practices from ISO/IEC 27001; gap analyses; certification support; competent, independent advice and guidance.
Security policies - preparing pragmatic policies and procedures plus creative awareness content for staff, managers and professionals.
Technical documentation - preparation or updating of readable documentation describing IT systems, services, software, processes etc.
Post-incident reviews - dispassionately drawing out and evaluating relevant details, developing and elaborating on responses, initiating improvement activities.
Security metrics - designing and implementing a suite of metrics to manage information risk and security systematically, effectively and efficiently; reviewing, evaluating and improving existing metrics.
Security maturity - benchmarking, i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, recommending and justifying improvements where appropriate.
Assurance - IT audits, ISMS internal audits & management reviews, data center & site/installation audits; software development project audits; cloud supplier assessments/audits; pre-certification audits (readiness checks) ...
Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (NOT legal advice!)
Interim management - holding the reins, stabilising the situation and assisting with the recruitment and coaching/mentoring support of a replacement CISO or ISM.