We support security leaders with good practices, templates, and instruments refined and tested through years of real-world experience across hundreds of engagements.
A tailorable instrument for assessing cybersecurity maturity based on NIST CSF v2.0
A complete set of fully-authored, annotated, and tailorable cybersecurity policies
A complete suite of instruments and templates for triaging, assessing, treating, and monitoring cyber risk
Our CISO Dashboard enhances the NIST CSF v2 framework.
Our instrument adds clearly defined maturity tests and proof-points for every CSF family, category, and sub-category.
Completing the instrument allows you to quickly establish your baseline security posture, identify gaps, and prioritize projects and budgets.
As projects are completed, updating the instrument provides a near-real-time update to your security posture.
We provide a full set of cybersecurity policies that are fully populated with policy statements aligned to the CSF.
Each policy document is annotated to indicate where the contents should be tailored to your organization’s risk profile and risk tolerance.
Through a series of workshops, we guide you through the review-edit-ratify life cycle.
We can also augment your tailored policies with standards, guidelines, and standard operating procedures.
Using our existing templates and instruments, and based upon your organization’s risk posture and risk tolerance, we help you tailor practices for evaluating and treating cybersecurity risks.
• Risk Taxonomy
• Risk Profiling
• Threat Library
• Threat-Risk Assessment
• Control Assessment
• Business Impact Assessment
• Strategic Risk Register
• Communication Templates
• Metrics & Reporting (KRI/KPI)
Our Breach Readiness Accelerator combines failure mode analysis, unified kill chain analysis, risk analysis, and business impact analysis to help you proactively plan for cybersecurity breaches by aligning and prioritizing technology improvements in a risk-informed manner. Our method can also be used retrospectively to help you prioritize mitigation efforts upon discovery of Indicators of Compromise or an actual breach.
Our Data Protection Accelerator helps you rapidly improve your organization’s ability to defend against unauthorized disclosures and other forms of data loss, including customizable decision trees for determining where to apply which data protection techniques and solutions.
Our Fine-Grained Access Accelerator helps you determine the appropriate policy framework for fine-grained authorization (GBAC, RBAC, ABAC, PBAC). Our method accelerates policy modeling and helps you standardize run-time access controls across all of your apps to consistently enforce information barriers.
Our Identity Modernization Accelerator provides a migration template and project guidance method to help you transition from legacy identity management solutions to zero-trust cloud-based platforms where identity is the perimeter. It incorporates Just-in-Time (JIT) Privileged Access Management to improve the integrity of cloud and hybrid environments.
Our RFx Evaluation Matrices are customizable tools that facilitate objective collaboration between your technology and procurement teams when evaluating and selecting technology service providers.
Our Business Case Modeler helps you develop solid risk-informed business impact analyses to cost justify and prioritize spending on cybersecurity, identity, privacy, and risk management projects.