Security Programs

Our Philosophy 

Cyber security is no longer a knee-jerk reaction to an audit or simply a response to a breach. Today's companies are being proactive and want to establish a security program up front that is aligned with business requirements and meets their risk mitigation goals. We offer many services to clients in this space, either individually or as part of a complete program, including those listed below.

Cyber Security Framework

We work with our clients to establish an industry-aligned framework, whether it be COBIT, ISO, NERC CIP, NIST, etc. We have even taken industry frameworks and trimmed them down for smaller clients, making them palatable without diminishing the security requirements. The benefit of this approach is that security is applied both holistically and consistently. It affords the use of common language and terms, and it is recognized by your peers as well as by new employees joining your company.

Maturity Assessment

We provide full maturity health assessment services around the framework of choice, be it NIST, ISO, PCI, etc., with executive and board reporting as required. Our maturity assessments cover the program from the high level, giving management an immediate view of the health of cyber security within IT or OT. Additionally, when done annually, this provides a mechanism to measure the progress of security initiatives and the effectiveness of the program over time.


Key to a successful security program is organizing a set of initiatives into a roadmap and understanding the objectives behind each. We work with you to define the target state of maturity for your controls and then prioritize the initiatives based not only on risk but also on business drivers and the realistic ability to implement them in a given time frame. We make our roadmaps pragmatic and tactical in nature, allowing you to clearly envision what is required and simplifying the implementation.

Reporting Metrics

The ability to report on the progress and health of a program is key to its ongoing success. Senior management needs a window into the cyber security world without having to spend time trying to understand the technical vulnerabilities and risk. To enable this transparency, we help clients develop key metrics aligned with regulatory requirements and internal policy. This provides the upward reporting and assurance to the executive.


“Your approach is unique and gives us flexibility.”

– CIO, Crown Corporation

“First time someone was actually able to tell me how we are doing and what I need to be concerned about.”

– Shipping Company CEO

“…your contribution to this audit was invaluable…”

– Senior Government Auditor

Contact Us

Iron Spear is committed to you. We know how important your online security is and we are ready to help you establish guidelines to keep your data safe. Contact us today.


Explore how Iron Spear can bring insight and value into your cyber security program, or perhaps you are simply seeking some advice around cyber security. Give us a call or send us an email and we will be happy to assist.

Call Us: Toll Free 1.800.561.4007