Information Risk and Cybersecurity
Carmel’s information risk & cybersecurity practice is centered around taking the skills and judgment of experienced information security officers who have worked in larger publicly listed companies and making them available to small-medium companies.
Today’s threats do not discriminate between small, medium, or large companies. Any company with internet-facing web pages or other systems is subject to scrutiny by unauthorized parties on the Internet.
Despite their size and inability to hire a full-time security function, smaller companies nonetheless need an information security officer role to be filled on an on-demand or part-time basis.
ASSESSMENT of RISK
- Information and cybersecurity practices
- Privacy practices
- Regulatory and Compliance
- IT Governance and Organizational
- Technology
IMPLEMENTATION
Technology Sourcing and Implementation
• Security technology sourcing and RFP process
• Security technology project management (e.g. MDM, MSS, IPS/IDS)
Process Development and Implementation
• Information security processes and policies (e.g. Change control, Termination Process, Bring-Your-Own-Device, Acceptable Use of IT Policy)
• Enterprise IT governance, organizational structure (reporting, metrics)
• Enterprise risk management processes (risk register, corporate crisis management)
• Vulnerability management program and related processes
• Vulnerability scanning and penetration testing
People Training and Awareness
• Enterprise employee awareness and Phishing education programs
• Team awareness programs
• Executive training
ADVISORY
Trusted Advisor to Board of Directors, CFO, CIO, VP IT, Director of IT
• Security process review and re-engineering
• Security strategy and roadmap
• Gap analysis and project prioritization
• Privacy breach response
• Privacy and regulatory compliance landscape review
• Process and Policy Effectiveness and Efficiency
• Cloud Governance
The Time Is NOW for the Virtual CISO
In recent years, Carmel Info-Risk Consulting has been evolving from a project-based practice to provisioning a mindful, prescriptive virtual CISO service based on widely accepted frameworks and principles that are proven to work.
Mid-sized British Columbia-based clients who have an IT department, but not a cybersecurity function, are increasingly finding that a one- or two-day-a-week retainer arrangement with a Carmel Info-Risk cyber specialist can provide them with a new focal point around cyber, driven by an industry expert who has had deep information security leadership experience as either a Director of Cybersecurity or a CISO for a medium to large organization.
Carmel Info-Risk clients receive the cybersecurity leadership and vision that they may be missing. We help these clients develop a cyber plan, implement policies and best practices, research and procure security technology, undertake risk assessments and conduct penetration testing.
In some cases, we provide the transition path towards having a full-time cybersecurity leader role. Carmel Info-Risk appeals to leading mid-sized companies that recognize that cyber threats represent a real, potentially lethal risk to their business. Before they can afford a full-time cybersecurity function, they may realize that they cannot afford not to have a virtual CISO.
Business Analysis
The definition of “business analyst” can vary with each project and organisation. Requirements gathering techniques and evaluation methods are adapted to project and organisational needs.
Carmel has process-, systems- and data-focused business analysts specializing in:
• Process Reengineering
• Data Analysis
• BW Reporting
• Operational Excellence, Analytics
Project Management
Project management services are offered for full lifecycle implementation projects. Project managers are PMP certified and have expertise in the following areas:
• Process Reengineering
• Systems Implementations
• IT Security Campaigns
• Production
Industries of specialization:
• Retail
• Mining & Resource Engineering
• Airlines & Tourism
• Healthcare
• Manufacturing
• Government & Crown corporations
The methods employed for a successful implementation are customized to your project and take into account various constraints (e.g., culture, timeline).
Custom Research
We can conduct a number of types of research for our clients using internally generated data or publicly available data, including that which resides on the Dark Web. We believe there are always new insights to be gained from taking a step back and conducting research that supports data-based decision making. We can work with you to formulate objectives for your research ideas, devise a defensible budget, and assemble a research plan and appropriate resources that will lead to a final product of your choosing.