Many years of practical experience in corporations of all sizes and
sorts have helped to hone our skills and allow us to temper our knowledge
Our in-depth technical knowledge and clear business understanding
gives us the ability to provide solutions that work for your business.
Our independence from products, vendors, and your organizational issues
provides us with a unique view that enables us act in your sole interest.
What our clients tell us:
Our business processes help facilitate orderly change over time.
We communicate effectively with both management and technologists.
We are direct, discrete, and very easy to work with.
- Timely assistance on the most difficult and complex
information protection issues.
- Help evaluating protection products, vendors,
technologies, programs, and plans.
- Help developing internal information protection
- Expert assistance available as needed.
|Advocacy provides clients with on-demand independent
information protection expertise.|
- An initial corporate protection overview provides
the context to properly address your needs.
- On a regular basis, we brief and sit in on corporate
security committee meetings.
- As needed, we research and report on special
topics and help address critical issues.
|The advocacy program provides a key team member
that would otherwise be missing.|
Select Advocacy Examples:
Outside "member" of corporate security committees.
Due diligence on risk management decisions about information technology.
Help implementation teams make technology decisions for a new global
On-site assistance during product/vendor reviews.
Strategic planning for a global protection program.
Evaluation of expert witness testimony and computerized forensic evidence.
Help funding agencies assess areas to support.
Supplement in-house expertise during Internet expansion and network
Protection Posture Assessment
An Initial Corporate Protection Overview
Dependencies + Vulnerabilities
+ Threats = Risk
Risk - Suitable Mitigating Actions = Residual
How does the business operate?
What are the critical business functions?
How are they implemented?
What would happen if:
information was corrupted?
information became unavailable?
the wrong information was sent out?
||The business implications of information
What is implemented?
How is it operated?
What protection is in place?
Actual incidents and what was done?
Suspected incidents and what was done?
||Weaknesses in technology, operations,
personnel, structure, ...|
Crackers for hire
Standards and procedures
We use analytical tools to help develop a wide range of protection
strategies that could work.
We combine our organizational knowledge with these strategies to develop
strategies that can work within the client's environment and culture.
We work with the client to find the best strategy to meet their needs.
We help the client work within their organization to mitigate risks
while minimizing business impact.
||Risk mitigation strategies must
be suited to the organization or they will ultimately fail.|
Process and results:
To contact us, send email to fred at all.net
- We visit and learn about dependencies, vulnerabilities, and threats.
- We come to understand what people do and how they do it.
- We develop a high-level understanding and the context to address specific
- We indicate protection weaknesses and organizationally suitable mitigation
- We produce a draft report on overall protection posture.
- We work with the client toward a final report while we help to mitigate
the most critical risks.
- We provide ongoing assistance through our corporate advocacy program.
- The client gets effective protection within the real constraints of