Information Security Executives

Information Security Executives is a consulting firm that provides leadership in Information Security and Risk Management with a focus in regulated industries. Our typical client is interested in raising the bar when it comes to information security, but doesn't have the budget or desire to hire a full time Information Security Officer. Our typical engagements consist of providing leadership in the form of guidance, direction, project prioritization, staffing and strategy.

We provide executive, leadership and practitioner related expertise to help organizations mature and mobilize their Information Security strategy. Whether there is a robust security strategy already in place that needs some tweaking or there is a desire to move the needle on protecting corporate data and assets, we can help. The following are just a few examples of projects done for other organizations:

Creation of Policy, procedures, and standards (in various forms)
Data Loss Protection (DLP) Program
State/FDIC/OCC Examination gap analysis (Banking)
Audit and exam remediation consulting
User access reviews (SOX)
External vulnerability assessment
Penetration testing
Internal vulnerability scanning and review
Budget planning and strategy
Wireless System review
Compliance based consulting (PCI, HIPAA, FFIEC, DFARS)
Data classification consulting

Security Assessments
Incident Response Planning
Business Continuity Planning
Disaster Recovery Planning
Training (Security Awareness / Information Security Leadership)
Risk Management / Assessments / Strategy
Board Presentations / Metrics
Policy Review
Security Product Evaluation
Identity and Access Management Consulting
Vendor management program build-out
Perform third-party reviews (SOC1/2/SSAE16)

Our approach involves a three-pronged approach: governance of information security, regulatory and compliance, and data protection.
Our staff maintains many industry leading certifications including the following: CISSP, CISM, CRISC, CISA, ITIL, C|CISO, COBIT, Security+