Expertise, À La Carte

Information Security Consulting

Cybersecurity is fundamentally a business problem. Critical Informatics approaches our engagements with a focus on limiting liability, reducing risk, and ensuring that your company is able to survive the scrutiny of customers, business partners, and regulators. While internal cybersecurity resources are beyond the means of all but the largest organizations, Critical Informatics can help your business to remain secure, compliant, and resilient.

Industries Served

Subject to the requirements of the Federal Financial Institutions Examination Council (FFIEC), state data breach reporting statutes, and significant customer expectations, the Financial industry is required to conduct network security monitoring and effective incident response. Additionally, compliance obligations include routine examination of firewall rules, review of security policies, and conducting penetration testing and security awareness training. CI provides all these services, from a security operation center that is certified as compliant with the SSAE-16 requirements.

The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with the privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). Critical Informatics conducts these assessments as an authorized HIPAA Business Associate, as well as providing managed detection and response to comply with specific requirements.

Learn More

The Critical Insight system for event collection may be used in the Operational Technology (OT) environment, and inside the electronic security perimeter. This provides energy utilities with a solution to managing these events in compliance with critical infrastructure protection standards, without hiring expensive resources. The Critical Insight solution is a good fit for both public and investor-owned utilities.

Critical Informatics provides end-to-end Cybersecurity-As-A-Service (CAAS) to the SMB. In addition to managed detection and response, compliance consulting services may be contracted on a subscription basis to perform periodic tasks: firewall rules review, policy development, security awareness training, vulnerability assessment and penetration testing – for less than the cost of a single full-time employee. Our consulting services also assist with business partner compliance for HIPAA, DFARS and others, so that you business may continue to operate.

Traffic management, 9-1-1, water purification, waste treatment, communication systems for law enforcement/public safety are all examples of the critical infrastructure operated by the public sector and operated at the local scale. Critical Informatics has deep roots in state and local government, and works with budgeting, procurement, and federated agencies to deliver cost-effective solutions to the public sector.

The high economic impact associated with a disruption in port operations makes it especially important and increasingly required (by the US Coast Guard as the sector specific agency) to monitor port networks and provide rapid response to compromised assets. With significant Port experience and customers, Critical Informatics provides assessment, National Institute of Standards and Technology framework compliance and monitoring for port authorities.

Information Security Consulting Services

Information Security

  • Technical Security Assessment
  • Risk Assessment for Cyber-Insurance Qualification
  • Protection of Critical Information and Systems
  • SCADA, ICS/DCS, OT & Critical Infrastructure
  • Security Architecture and Design
  • Access Control and identity Management
  • Datacenter and IT Systems Physical Security Assessments
  • People, Process & Technology
  • Security Operations Optimization
  • Security Solution Design
  • Focused Security Assessments for SMBs
  • Information Security Governance Program Development and Assessment
  • Intellectual Property Protection
  • Penetration Testing/Ethical Hacking
  • Wireless Security Assessment
  • IoT, Smart Cities, SCADA, PLC, ICS/DCS security and Device Testing


  • Compliance Assessment
  • Vulnerability Assessments
  • Virtually all Government & industry regulations
  • Risk Assessment – NIST, OCTAVE, FACTOR, ESRA, STAR
  • Compliance Tune-Up
  • Compliance Assessments and Readiness Assessments – PCI, HIPAA, CJIS, NERC/FERC, GLBA, ISO 27001/27002, NIST CSF, NIST 800-53 rev4, SANS Twenty Critical Controls
  • Enterprise Security and Programmatic Reviews
  • Liability Protection
  • Annual and Periodic review of systems
  • Policy, Process, Procedure Development and Review
  • Procuring Secure Solutions and Security in Contracts for Procurement Programs


  • Incident Response
  • Faster recovery from attack
  • Limit damage and control costs
  • Post-Response Forensic Investigation
  • Postmortem analysis
  • Incident documentation
  • Ransomware protection and recovery
  • Security Awareness Training
  • Back-up and Recovery Analysis and Design

Executive Services

  • Business Associate Agreement review
  • Vendor and service provider contract review
  • Security resource interview and vetting
  • Board of Directors advisory
  • Legal, wealth-management, and insurance advisory

Intellectual Property Protection

  • Identity and Access Management Programs
  • Access Control Assessments and Solution Design
  • Insider Threat Analysis

Data Protection

  • Network Security Assessments and Secure Design
  • Application Security Assessments and Secure Design
  • Wireless Assessment and Secure Design

Security Awareness and Training

  • Security Awareness and Training Programs
  • Social Engineering Assessments and Anti-Phishing services

Incident Response Consulting and Professional Services

  • Monitoring, Alerting and Incident Response Program Development
  • Incident Response, Forensics and Investigations
  • Legal Discovery Assistance
  • Threat intelligence Program Development
  • Encryption Solution Design