It's all about the risk.

The CRMG approach works by identifying prioritised risks to your organisation and then determining the adequacy of your cybersecurity programme to mitigate these risks. And just as we prioritise the risks to the organisation, we also prioritise the controls that are needed to mitigate them. This means that we can help you target your cybersecurity budget, fix what’s most important first, and then plan further remedial action accordingly, all in line with your risk appetite and available resources.

For more information on how the CRMG approach can be tailored to your organisation, contact us.



Whether you want to develop a new cybersecurity policy or implement a more rigorous approach to intrusion detection, the way in which you go about it (in terms of rigour, resource and time) is likely to be informed by one of two things (or both):

Your Risk Profile: a view of what the cyber threat landscape means to you, given your activities, attractiveness as a target, vulnerability to attack and so on.. coupled with the level of risk you wish to take on (your ‘Risk Appetite’)


Your Compliance Obligations: typically legal/industry regulations with which you are required to comply in order to operate, irrespective of your risk profile.

Once we’ve worked with you to identify what your cybersecurity programme should look like and helped you put the building blocks in place, we’ll work with your audit team to develop test procedures so that the effectiveness of the programme can be monitored over time. We’ll even help your procurement and legal personnel get up to speed with the elements of the cybersecurity programme that impact supplier management.

Would you like more information?