Carmel’s information risk & cybersecurity practice is centered around taking the skills and judgment of experienced information security officers who have worked in larger publicly listed companies and making them available to small-medium companies.

Today’s threats do not discriminate between small, medium, or large companies. Any company with internet-facing web pages or other systems is subject to scrutiny by unauthorized parties on the Internet.

Despite their size, and inability to hire a full time security function, smaller companies nonetheless need an information security officer role to be filled on an On-Demand or Part-time basis.

ASSESSMENT of RISK

• Information and cybersecurity practices
• Privacy practices
• Regulatory and Compliance
• IT Governance and Organizational
• Technology

IMPLEMENTATION

Technology Sourcing and Implementation
• Security technology sourcing and RFP process
• Security technology project management (e.g. MDM, MSS, IPS/IDS)

Process Development and Implementation
• Information security processes and policies (e.g. Change control, Termination Process, Bring-Your-Own-Device, Acceptable Use of IT Policy)
• Enterprise IT governance, organizational structure (reporting, metrics)
• Enterprise risk management processes (risk register, corporate crisis management)
• Vulnerability management program and related processes
• Vulnerability scanning and penetration testing

People Training and Awareness
• Enterprise employee awareness and Phishing education programs
• Team awareness programs
• Executive training

ADVISORY

Trusted Advisor to Board of Directors, CFO, CIO, VP IT, Director of IT
• Security process review and re-engineering
• Security strategy and roadmap
• Gap analysis and project prioritization
• Privacy breach response
• Privacy and regulatory compliance landscape review
• Process and Policy Effectiveness and Efficiency
• Cloud Governance

The Time Is NOW for the Virtual CISO

In recent years, Carmel Info-Risk Consulting has been evolving from a project-based practice, to provisioning a mindful, prescriptive virtual CISO service based on widely accepted frameworks and principles that are proven to work.

Mid-sized British Columbia-based clients who have an IT department, but not a cybersecurity function, are increasingly finding that a one- or two-day a week retainer arrangement with a Carmel Info-Risk cyber specialist can provide them with a new focal point around cyber, driven by an industry expert who has had deep information security leader experience as either as a Director of Cybersecurity, or CISO for a medium to large organization.

Carmel Info-Risk clients receive the cybersecurity leadership and vision that they may be missing. We help these clients develop a cyber plan, implement policies and best practices, research and procure security technology, undertake risk assessments and conduct penetration testing.

In some cases, we provide the transition path towards having a full-time cybersecurity leader role. Carmel Info-Risk appeals to leading mid-sized companies that recognize that cyber threats represent real, potentially lethal, risk to their business. Before they can afford a full-time cybersecurity function, they may realize that they cannot afford to have a virtual CISO.

Business Analysis

Project Management