We build amazing security programs.
The Atredis Risk Management team blends management consulting with deep industry experience. Our key strength is our team of seasoned, highly-technical security practitioners with decades of experience in building security programs. Whether you're rebooting a security program from the ground up, or tuning an existing program for a modern threat landscape, we help executives achieve challenging risk management goals and build successful, mature security organizations.
Our practice focuses on two areas, program assessments and program development. The distinguishing factor is that while assessments end with a deliverable document our development work ends when you've achieved your end security goals. If you want to understand whether your current security programs are working effectively, we can provide actionable, pragmatic guidance to bring your security program to the next level. When you need the expertise to implement that actionable guidance, we invest in learning your organization in order to build relevant, real-world security mapped to your organizational needs.
Key Services - Risk Management
Security Program Assessments
Framework based program reviews (NIST 800 series, ISO 27000 series)
Quantitative or qualitative analyses (FAIR, ISO 27005, NIST SP-800-30)
Compliance and regulatory analyses (HIPAA, FedRAMP, RMF, CSF, etc)
Threat modeling for systems, applications, or products
Enterprise security architecture and design reviews
Security Program Development Areas
Risk-based Information Security program development
Medical device security program review and development
Program controls definition and controls mapping
Awareness, process, regulatory training and workshops