A method: the Quintilian Hexameter

Who are we trying to protect ourselves from?

This is the starting point of every security audit we conduct. Rather than beginning with existing security measures, we focus first on the nature and level of the threat.

What are we trying to protect?

The goal is to assign a value to both human and material assets, based on the operational impact their loss or disablement would have on business continuity. This asset valuation serves as the foundation for prioritising protection measures.

Where are the vulnerabilities?

Regardless of the overall system’s quality, a comprehensive assessment is essential before any meaningful recommendation can be made.

When will balance points be reached?

We provide a realistic and actionable timeline, which may include interim compensatory measures until full corrective actions can be implemented.

How do we achieve equilibrium?

Our guidelines cover material aspects (equipment to be acquired), operational dimensions (standardised procedures to be implemented), and human resources (team structure and staffing levels).

How much does it cost?

All our recommendations sit at the intersection of threat evaluation and the long-term sustainability of the business activity in question.