Our Proven Approach

Chief Information Security Officer (CISO) advisory services help businesses develop, implement, and manage cybersecurity programs that guard sensitive information, strengthen brand reputation, and protect customer data.

Partnering with BARR gives you access to a team of skilled security professionals who serve as a virtual CISO, helping you establish a cybersecurity program or manage an existing one. We’ll help you build and maintain a program that is flexible and adaptive to the needs of its stakeholders. This includes a common structure to safeguard information assets and to streamline business deals by addressing customers’ security demands. Our proven approach includes four phases designed to build and optimize a customized cybersecurity program that caters to your business needs.

How It Works

Phase 1: Scope

We believe in determining the why before proposing the how, and that careful planning is imperative to achieve your security objectives.

Phase 2: Assess

Once scope is defined, the next critical step in implementing a strong cybersecurity program is to identify gaps in your existing program.


Phase 3: Roadmap

Once gaps are identified, we provide a roadmap that turns those gaps into a competitive advantage.


Phase 4: Remediation

After gaps are identified and a cybersecurity roadmap is formulated, we help manage remediation of those gaps, execute on the roadmap, and provide ongoing support.

What to Expect During Each Phase

Phase 1: Scope

  • Identify and engage stakeholders
  • Map out core business processes including people, process, and technology
  • Identify system assets supporting scoped processes
  • Key deliverable: High-level scope definition customized to your organization

Phase 2: Assess

  • Facilitate working sessions with stakeholders and control owners to determine the current state of your cybersecurity program
  • Assess the agreed-upon scope against the chosen benchmark(s) (e.g., SOC 2, NIST CSF, ISO 27001, CIS Top 20, etc.)
  • Interviews, document reviews, system inspection
  • Key deliverable: Draft control discovery mapped to the chosen benchmark(s) (e.g., SOC 2, NIST CSF, ISO 27001, CIS Top 20, etc.)

Phase 3: Roadmap

  • Develop recommendations for remediation
  • Define a roadmap for both short-term and long-term sustainability
  • Present the roadmap to leadership and address comments
  • Key deliverables: Risks, controls, gaps, and a prioritized remediation roadmap

Phase 4: Remediation

  • CISO advisory support through the remediation process
  • CISO advisory services, as needed, based on previous phases
  • Knowledge transfer
  • Facilitate customer compliance questionnaires
  • Key deliverables: Refreshed information security policies, ongoing support, and other deliverables based upon decisions made in prior phases

Not only do we give you the tools you need for a successful cybersecurity program, we help you execute. Explore some of the services available to you as part of the remediation phase:

Risk Assessment

BARR offers a comprehensive risk assessment service that is designed to identify, quantify, and manage security risk. A thorough risk assessment can help you identify where you need to shore up your security controls to mitigate internal and external risk factors.

Policy & Procedure Documentation

Any successful security program will include a set of policies and procedures. We’ll provide consultation resulting in a customized set of policies and procedures that are both understood and followed by all members of your organization.

Security Project Management

Project management is essential to the successful execution of any cybersecurity program. Why? Because without it, cybersecurity projects are left ill-defined, underfunded, and past due. The BARR Advisory team helps you manage scope, schedule, and cost of cybersecurity initiatives.

Security Questionnaire Responses

When your customers send security questionnaires, you want to be ready with responses that will put them at ease knowing their data is safe with you. BARR formulates those responses and offers direct communication with your customers to help resolve any concerns they may have, leaving them feeling confident in choosing your product or service.

Internal Audit Service

Our team of experienced consultants works with your unique business needs to develop or enhance your internal audit function: identifying shortcomings in your internal controls, testing those controls, and providing actionable next steps. We perform audits against frameworks including SOC 2, NIST CSF, ISO 27001, CIS Top 20, and more.

Vendor Assessment

How can you hire third-party vendors and minimize the worry that they may not live up to your own security standards? We help you pinpoint the vendors that present the highest level of risk using a standardized, risk-based approach. Once those vendors are identified, we offer simple steps to protect you from the risks associated with using third-party services.

Remediation Assistance

We will guide you through the steps to close the gaps within your cybersecurity program. It’s more than just a checklist—the BARR Advisory team provides on-demand, seasoned security specialists that help you prioritize, implement, and execute your remediation plan.

Readiness & Gap Assessment

A readiness and gap assessment is an important tool for identifying whether your security systems meet standard protocols. We’ll help you identify areas vulnerable to cyber attacks, issues with compliance, deficiencies in security policy, flaws in security technology, and more.

Controls Identification & Mapping

The BARR Advisory team will assist you in identifying systems and controls within your security program, and will map those controls to standards including SOC 2, ISO 27001, NIST CSF, CSA STAR, HITRUST, NYDFS, CIS Top 20, and more.

IT Governance, Risk, and Compliance (GRC) Advisory

BARR Advisory provides governance, risk, and compliance (GRC) services to help clients improve risk management, streamline information security processes, and reduce cost.

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.