The Control Policy Group

Data security the way you run your business

Technology

Security solutions built on security ROI

We help you select, implement and operate proven technologies from trusted vendors. We operate in an advisory capacity, working with vendors and end-user customers to attain the best fit from a business, technology and ethical perspective.

We provide technology selection and deployment services in the following areas:

  • Enterprise network transaction monitoring and data loss prevention
  • Discovery and audit
  • IP protection at the point-of-use
  • SCADA network data leakage prevention
  • Remote Infrastructure monitoring
  • IP security camera protection

We maintain long-term partnerships with a number of leading technology vendors. Our technical teams work closely with product developers, contributing to the quality and reliability of the technology.

All security technologies are implemented using our proven 4-step Control Policy process:

Step 1 – Discover vulnerabilities in people, process and systems

A time of discovery is often a time for unpleasant news, like senior managers taking confidential business development plans for private use or employees skimming credit card transactions. Using a combination of innovative interviewing techniques and surveillance technology, we will quickly discover the top 10 vulnerabilities in your people, process and systems.

Step 2 – Quantify and cost-justify

We then identify the right security countermeasures for a particular customer threat scenario. We first perform a threat modeling exercise with the client in order to estimate financial risk exposure from the current threat surface. By examining the fixed and variable cost of the risk countermeasures, we are able to provide the management board with a cost-justification for technologies and process changes.

Step 3 – Deploy, Implement and Monitor

Before actively preventing fraud, security and compliance violations with a network or agent-based technology, you start by monitoring security and compliance policies. We plan, deploy and implement using intensive on-site training and expert engineers. We will not leave until the customer is well-trained and does not need any hand-holding. Our MO (modus operandi) is based on teaching the security group how to be independent and self-sufficient in day-to-day operations.

We stand behind every technology we implement with a guaranteed localized SLA (Service Level Agreement) that is tailored to the customer’s business requirements.

Step 4 – Business process improvement

Monitoring is a highly effective countermeasure that raises employee risk awareness and discipline and drives continuous improvement in business processes, server configuration and application software security. We advise clients to consider carefully the implementation of active prevention, generally a minimum of 9-12 months after monitoring has proven its value to the business unit.
