Governance, Risk and Compliance

Complying to regulations, and managing cyber security risks.

Consulting & Advisory Services

Risk is what defines any business, but understanding and actually quantifying it is a competitive advantage. As a company, it is also your duty to comply with all of your industry regulations. Silent Breach offers advisory services to help companies meet and exceed existing regulations, and be aware of their security exposures and market risks.


Business Impact Analysis

Disaster recovery planning is a multi-stage process, and one of the most vital of those stages is the business impact analysis (BIA). A business impact analysis is where you research the likely impacts of a disruption to your organization in terms of loss of business, effects on your reputation, loss of staff and loss of data.

In some ways it is the heart of the disaster recovery planning process because it is during the business impact analysis that you will determine the precise effects of disaster on your organization.

Our consultants are ISO 22301 certified and are able to help you define your business impact analysis plan in line with a full business continuity strategy.

Threat Modeling and Risk Assessment

Understanding threats and evaluating the likelihood of an attack is extremely valuable.

Creating a threat model allows you to clearly establish the angles any attacker would be likely to use to attack your organization, and evaluate the risk for each attack vector. Threat modeling is an essential step towards risk mitigation, and repeatable risk assessment procedures. With ever-changing IT environments (patches, system upgrades), risk assessments should be performed on a regular basis.

Sharing common knowledge among the IT security team through threat models, and being well aware of where an attack could come from, is also an important part of a full business continuity strategy.


Risk Aversion

We don't live in a perfect world and sometimes risks need to be accepted and managed within what the company is able to sustain. But how much risk are you prepared to accept and plan for?

Our risk aversion program determines exactly what constraint your company is dealing with (budget, skills, man power, etc..) and defines a risk aversion index to help you take realistic measures within your IT security strategy.

Security Awareness Program

Over three quarters of the data breaches occur when employees open an infected email, or visit websites that compromise the security of the entire company. Ransomware is a new threat for businesses around the globe, and all employees should be trained to avoid this kind of threat through simple precautions that are easy to implement.

Our on-line eLearning program can make employees more aware of the risks, be more cautious with sensitive data and implement the company policies in terms of corporate security.

Silent Breach offers a wide range of on-line eLearning videos to train staff to be more security aware.



Information security is often feared as an amorphous issue that only the IT department has to deal with. The reality is that companies need to be concerned with complying with information security from top to bottom. Regulations are in place that can help a company improve information security while non-compliance can result in severe fines.

Silent Breach offers 'fast track' compliance programs for SOC-2, ISO 27001, CMMC 2.0, NIST 800-53, NIST Cyber Security Framework (CSF), HIPAA or the Health Insurance Portability and Accountability Act, The Sarbanes Oxley Act, Federal Information Security Management Act of 2002 (FISMA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm Leach Bliley Act (GLBA).

Business Continuity Planning

If you want peace, prepare for war. That pretty much sums up the need for an effective business continuity plan.

Silent Breach can deliver all of the services above to advise and implement a full business continuity plan following the ISO22301 standard.

Silent Breach is committed to assisting companies in any or all of the aspects of disaster recovery and business contingency planning, as well as compliancee with industry regulations.