Our History:

  • Founded in 1977 by Fred Cohen
  • Focus on information protection
  • Started with small-business consulting
  • Expanded to global corporate clients in the 1980s
  • Focused on strategic security decisions in the 1990s
  • Associates now available on five continents.
  • Almost 30 years of service to corporations, government, and academia.

    Our Process:

    • Understand the overall situation
    • Consider many stakeholder viewpoints
    • Develop and analyze viable options
    • Work with the client to focus decisions
    • Support decisions with facts and judgment
    • Present results in ways that help gain consensus

    We clarify the complex without simplifying out the key details.

    We translate clearly between management and technical experts.

    We temper expertise with common sense.

    Select Clients and Work Profile:

    • Cabinet level Federal Office
    • Top 5 Accounting firm
    • Top 5 Systems integrator
    • Top 5 Cable provider
    • Top 5 Microelectronics firm
    • Top 5 Financial services firm
    • Top 5 Pharmaceuticals firm
    • Top 5 Transportation firm
    • Top 5 Automotive firm
    • Top 5 Internet Service Provider
    • Top 5 Critical Infrastructure Provider


    • Enterprise level
    • Director level or above
    • Billion dollar or larger
    • Long term consulting relationship
    • Strategic in nature

    Typical Examples:

  • Information protection posture assessments to develop strategic, tactical, and urgent security plans.
  • Risk management program development and support for COSO-compliant risk management programs.
  • Security architecture development workshops and strategic security architecture plans.
  • Regulatory compliance program development.
  • ISO17799-compatible policy reconciliation, by-reference policy and final policy development.
  • Investigation of large-scale unreported internal information security incident.
  • Strategic scenario development, facilitation, and analysis for national policy decisions.
  • In-depth analysis of risk aggregating changes and planning for limiting aggregations of risk.
  • Business modeling for analysis of information security-related risk management.

  • To get in touch with us, email fred at all.net