Liticode provides uncomplicated information security framework consulting services for businesses and partners. We utilize specially refined methods and tooling to ensure our customers obtain the best results for their money. Our professionals work in all verticals, worldwide, to help customers reach new levels of success. We have extensive experience in healthcare, finance, SDLC, security program builds and rebuilds, and manufacturing security. Please call us or email using the link below to discuss your information security assessment and consulting needs. All our deliveries include the tooling necessary to continue where we leave off, so your people can keep the ball rolling.
NIST CSF (and 800 series)
The NIST Computer Security Framework is the global standard for efficient information security maturity assessments and the recommended framework for anyone not in need of ISO coordination. The NIST CSF provides data for current state and longitudinal data over time for performance tracking. Our reports also include vertical and horizontal market maturity evaluations, current best practices, and data and modeling tools, included with our reports and graphics, free of charge. We utilize the Numenary Consulting Model to ensure a consistent, high-quality product.
Industrial Security Controls
We start with IEC 62443 for industrial and manufacturing customers, backed up with either NIST or ISO maturity model components to ensure we address both IT and OT aspects and provide the maturity metrics businesses need for ongoing performance tracking. Our reports also include vertical and horizontal market maturity evaluations, current best practices, and data and modeling tools, included with our reports and graphics, free of charge. We utilize the Numenary Consulting Method to ensure a consistent, high-quality product.
ISO 2700x and 31000
ISO business process alignments are a specialty. With trained and certified ISO practitioners, we can align your programs with the ISO models to ensure compliance and operational efficiency, and do so in a very cost-effective manner.
Minimum Viable Secure Product (MVSP)
MVSP is a minimalist security baseline for enterprise-ready products and services. The limited baseline criteria for secure products fit well with rapid deployment environments, and the simplified security checklist fits well with small and agile companies that are not required to meet more complex compliance standards. MVSP is recommended for use with B2B software and business process outsourcing suppliers. Designed with simplicity in mind, the checklist contains only those controls that must be implemented to ensure minimum essential security governance of a product.
MVSP source information can be found here.
Administrative Functional Products
Liticode also provides custom work products, usually based on prior gap and risk assessment output, though they may also come from audit findings and normal business planning needs. These types of items include manning for fractional or virtual positions like vCISO and contract program management. Topics can be any security program item, such as program development aligned to a standard, including continuous monitoring (ConMon). We provide information security program development (or rebuilds) in coordination with business management, for example, to get the business ready to pass a compliance review or similar milestone. We have a complete library of GRC documentation and can assist with development (charters, policy, standards, practices, audit materials, MOPs, COPs, and SOPs), or any specific documentation items that you need to satisfy compliance requirements, provided in a way that makes sense for your security and risk situation.
We also offer SDLC (systems/software development life cycle) program evaluations and improvements, including development of a software bill of materials (SBOM) management system. We help you ensure you have defined the processes you need to manage your lifecycle security issues and provide evidence for business and audit processes.
We also provide assisted table-top exercises (TTX) and planning to support any product or portion of a product we provide. We work with you to define the TTX you need and can assist you with execution and analysis.