JC Hanlon Consulting, Inc. (JCHCI) was established in 2004 in response to a growing need to provide responsible security for employees, facilities, and critical business information resources. JCHCI is a premier security consulting business reaching out to companies of all sizes. The company offers a complete spectrum of information security consulting services, including business impact analysis, risk assessments, security program reviews, disaster recovery and incident response planning, security awareness program development, secure network architecture design, security policy development, and more as well as a unique “Security Officer on Loan Program”. The company has its roots shaped by the real-life experiences of security officers from fortune 150 companies looking to share their experience and expertise.
The primary objectives of JCHCI are to:
- Assist our customer in maintaining the availability, confidentiality, and integrity of their business information and help them develop the means to comply with their regulatory, legal, contractual, industry, and policy requirements with respect to information risk management
- Develop a network of employees, partners, and associates that can provide subject matter expertise and service to our customer in a manner consistent with JCHCI's standard of ethics
- Build a business with a reputation for value, integrity, fairness, and effectiveness
Orientation to Security
Each member of the JCHCI senior management team is CISSP certified and are actively involved in industry and community organizations focused on security related issues. Our programs are based upon the ISO17799/BS7799 international security standard and follow common auditing standards for program maturity. While JCHCI embraces these standards and practices, it is our view that any practical solution must be articulated by our customer’s business needs and culture.
The JCHCI company philosophy is simple and formed out of real life experiences. Our senior managers have been in the trenches working through real issues. Everyone working for JCHCI has a heart for people, high ethical values, and a good sense of balance when it comes to business needs and solutions.
The JCHCI marketing efforts are intended to reach the senior or “C” level management within organizations. Our goal is to help the organization develop a true “Top Down” approach to security management by presenting security as a business governance issue. Our efforts reach across various industries, business sectors, and governmental agencies. The majority of these efforts are centered on mid-sized companies and the remainder assisting large, small, and not-for-profit companies as well as city, county, state, and federal agencies. The purpose is to help organizations either develop a new security program or for those that have an existing program; provide assessment services to help them improve or certify their current efforts. JCHCI’s security management experience reaches into over twenty-eight countries throughout Asia, Europe, North and South America.
Message from the CEO
“After speaking at and attending various security summits and conferences over my career; it seemed clear to me that companies want to do the right thing when it comes to security, but have to wade through the barrage of vendors that scare you half to death about security while they have no clue or interest about what your business really needs.
In many cases companies do not have a formal plan or structure for their security programs and quite honestly do not know where to begin and who they can trust. So they pull back into a protective shell and hope for the best. This is where we fit in; we have been there and have been successful at working through the issues.
When we set up the security program for the last company I had worked for, we were in a similar boat. It took extensive vendor interviews to determine which ones really cared about what we were trying to accomplish. Many vendors pushed products and services at us using what they call “FUD” (fear, uncertainty, and doubt). I was amazed at how often we would have to force the vendors to fall out of love with their presentations and just sit and listen to where we were and what we needed to accomplish. Even more amazing was how few were actually able to do that.
Our goal is to meet business where they are at, and determine what is working and what needs fixing. Realizing that security is something the business would rather not have to address, it is important that all efforts are made to keep both security costs and its impact to the business to the lowest level necessary.
Too often security is seen as a technology issue. While technology is involved, security is a people issue. In almost every case where there have been serious security breaches in companies, they had invested significant dollars in technology to protect themselves. The problems occurred because people either accidentally or maliciously did something that could have been prevented by simple common sense or observation.”
- Jim Hanlon