UK company Citicus® Limited has appointed Jerakano Limited as its latest Implementation Partner. Jerakano is led by Jason Creasey – one of the world's foremost authorities on information security and risk. Based in Surrey, UK, the company specializes in information security and risk management, providing consultancy services and contract assignments.

Announcing the appointment, Simon Oxley, Managing Director of Citicus Limited says:
“After 17 years with the Information Security Forum (ISF) – much of it as Head of R&D – where he spearheaded ISF risk management projects, tools and collaborations, Jason has an unmatched understanding of what constitutes best practice in managing IT and in protecting company information from the ever-growing volume and range of threats."

"As the 'father of the ISF Standard of Good Practice (SoGP) and Benchmarking service' he also has a unique grasp of the controls applied by leading organisations around the world and where they can be strengthened; and has an excellent knowledge of modern risk management tools."

“We are therefore delighted to be partnering with Jerakano in the information risk arena. Combining our capabilities will help public- and private-sector enterprises take full advantage of our award-winning Citicus ONE™ and Citicus ICS™ risk and compliance software. We will be showcasing the first fruits of our collaboration with Jerakano in London later this year at a joint workshop entitled Risk management - Better, Faster, Cheaper.”

Marco Kapp, co-founder of Citicus Limited adds:
"We've worked together with Jason over many years – including on the ISF's Survey (latterly Benchmark), development of its Standard of Good Practice and its ground-breaking FIRM methodology which underpins our software to this day. We recognize his unrivalled ability to get to the nub of an issue and construct practical, cost-effective solutions."

"Thus we know how well-equipped Jerakano is to help companies optimize their use of Citicus ONE and conduct risk evaluations on their behalf. Finding time to carry out these specialized and time-consuming activities can be challenging in today's economic environment; outsourcing them to a trusted partner makes good sense and could be a breakthrough for many companies. We are really looking forward to collaborating with Jason in these areas."

Jason Creasey, Managing Director of Jerakano adds:
“Citicus ONE is the world's most advanced software for managing information risk – because it's built on solid foundations (the ISF's FIRM methodology, supported by detailed analysis of what makes information risk so high)."

"It comes pre-loaded with widely-used standards and frameworks needed to assess compliance with good practice (eg ISO/IEC 270001, SoGP, PCI/DSS), and can be configured to measure risk and compliance in other important areas (eg SCADA, supplier risk, compliance with company policies). Its configurability means Jerakano can easily load it with the policies and standards of practice that matter to individual enterprises – and help them implement these more effectively."

"In addition, Citicus ONE’s approach using compact risk scorecards is highly-efficient and its reporting capabilities are outstanding, including its ability to track remediation activity through to completion. Thus we are really pleased that Jerakano has become a certified Citicus Implementation Partner”.

What is Citicus ONE?
Citicus ONE is a web-based, risk and compliance management system.  It measures the risk posed by information leakage, lack of integrity or unavailability and can be used to measure and manage the risk posed by large or small-scale office systems, public-facing systems, payment systems, industrial control systems and IT infrastructure (eg data centres, networks).  It can be applied equally well to other areas of operational risk (eg projects, sites, suppliers).

Citicus ICS is a specialized version optimized to measure the risk posed by industrial control systems (ICS), eg SCADA systems common in the process control environment.

Citicus ONE and Citicus ICS both measure risk and compliance via a continuing managed process using a methodology called FIRM that reflects 20 years of research into the factors that drive risk up or down and those which make risk programmes successful. This enables private and public sector organisations to measure the risk posed by their critical systems and compliance with good practice in a highly-efficient, objective and business-oriented manner.