CIMA offers a full range of information security services to help its clients achieve business objectives and deliver value. With over a quarter of a century offering security consulting and management services, our management team has served financial, health care, technology, defense, energy and utilities industry organizations.

Awareness & Training

One area of information assurance programs that has been well known to offer the greatest return on investment is awareness and training. One of the misconceptions, however, is the potential for complexity depending on your organization's needs. CIMA offers a variety of expert services to help you meet your business goals.

Emergency Response Services

Effectively managing security breaches proactively and reactively can be the difference between keeping your clients, minimizing the impact to your stock price, and maintaining your company's professional brand image. CIMA experts can help you:

      • Before an incident, we can proactively help you understand and document the critical process of managing security breaches that will put your company's reputation and clientele base at risk.
      • During an incident, we can act as an external facilitator to help your team come together in an organized and productive manner to systematically and effectively work through a security breach or system compromise, reduce risk, and bring the event to closure.
      • After an incident, we can work with your team as a facilitator to walk you through a post incident review to identify root causes that allowed the incident to occur and a plan of action to prevent future ones.

 

General & Architectural Consulting

A host of topics arise when the area of information security comes up in a discussion. In fact, ISC2 promotes that this area of discipline is so broad that it has been divided into ten (10) general domains of management practices. Inside each of these areas, there is a volume of subtopics, many of which companies will have to address at one point or another. Our experts are multi-domain disciplinarians and can offer general consulting on all topics within the information security practice, as well as specialized areas such as IT virtualization security.

Interim CISO and Management Staffing

On occasion an organization experiences the loss of a critical leader. To help ensure critical operations and initiatives are not put at risk, strategic thinkers bring in temporary resources to bridge the time required to recruit and bring on the right person.

IT Governance Development

Developing information technology governance is more of an art than a process. Our experts have assisted numerous companies to not only develop a new governance framework and supporting policies, standards and subordinate documentation, but also avoid the pitfalls of rolling them out prematurely or improperly. Our DIRECTION Methodology ensures a structured and proven method of achieving success.

ISO 27001 Organizational Certification Preparation Support


In today's competitive and highly regulated business landscape, clients and business partner organizations are looking for cost-effective validation that you have an acceptable level of controls to minimize their risk and demonstrate the execution of due diligence on their part. When faced with this scenario, many organizations have set ISO 27001 certification as a goal to demonstrate competence in the protection of sensitive client and business information. Having a professional consulting firm assess your current state and help to develop an action plan for compliance helps to support a business case for funding to close gaps.

Regulatory and Standards Compliance

One of the biggest challenges for IT since Y2K has been regulatory compliance. With the plethora of legislation enacted (e.g. HIPAA, GLBA / FFIEC, SOX 404, etc.) along with new standards that have been mandated (i.e. PCI-DSS), organizations have been challenged to keep up as the list continues to grow each year. Leveraging independent experts can help to offer guidance on how other organizations have succeeded at similar efforts.

Threat Risk Assessments

An effective information security program leader performs regular internal and periodic independent third-party threat risk assessments to understand what threats and risks the organization's information assets are facing. Most importantly, this information must be translated into meaningful business information with a supporting mitigation plan, for the business and technology leadership to make informed risk trade-off decisions. Extending this into the virtual environment of your technology assets is critical to ensuring an overall balanced risk environment.

 

Strategy Development

Your organization needs to understand the direction and investment necessary to achieve and maintain a secure state of business and technology operations. Developing an enterprise information security strategy or road map will help clarify these issues and give authoritative guidance to all parts of the organization. It will also demonstrate to regulators and auditors that effective leadership is in place and is being exercised.