Citicus appoints Jerakano Limited as a Citicus Implementation Partner (CIP)

UK company Citicus® Limited has appointed Jerakano Limited as its latest Implementation Partner. Jerakano is led by Jason Creasey - one of the world's foremost authorities on information security and risk. Based in Surrey, UK, the company specializes in information security and risk management, providing consultancy services and contract assignments.

Announcing the appointment, Simon Oxley, Managing Director of Citicus Limited says:

"After 17 years with the Information Security Forum (ISF) — much of it as Head of R&D — where he spearheaded ISF risk management projects, tools and collaborations, Jason has an unmatched understanding of what constitutes best practice in managing IT and in protecting company information from the ever-growing volume and range of threats."

"As the 'father of the ISF Standard of Good Practice (SoGP) and Benchmarking service' he also has a unique grasp of the controls applied by leading organisations around the world and where they can be strengthened; and has an excellent knowledge of modern risk management tools."

"We are therefore delighted to be partnering with Jerakano in the information risk arena. Combining our capabilities will help public- and private-sector enterprises take full advantage of our award-winning Citicus ONE™ and Citicus ICS™ risk and compliance software."

"We will be showcasing the first fruits of our collaboration with Jerakano in London later this year at a joint workshop entitled Risk management - Better, Faster, Cheaper."

Marco Kapp, co-founder of Citicus Limited adds:

"We've worked together with Jason over many years — including on the ISF's Survey (latterly Benchmark), development of its Standard of Good Practice and its ground-breaking FIRM methodology which underpins our software to this day. We recognize his unrivalled ability to get to the nub of an issue and construct practical, cost-effective solutions."

"Thus we know how well-equipped Jerakano is to help companies optimize their use of Citicus ONE and conduct risk evaluations on their behalf. Finding time to carry out these specialized and time-consuming activities can be challenging in today's economic environment; outsourcing them to a trusted partner makes good sense and could be a breakthrough for many companies. We are really looking forward to collaborating with Jason in these areas."

Jason Creasey, Managing Director of Jerakano adds:

"Citicus ONE is the world's most advanced software for managing information risk — because it's built on solid foundations (the ISF's FIRM methodology, supported by detailed analysis of what makes information risk so high)."

"It comes pre-loaded with widely-used standards and frameworks needed to assess compliance with good practice (eg ISO/IEC 270001, SoGP, PCI/DSS), and can be configured to measure risk and compliance in other important areas (eg SCADA, supplier risk, compliance with company policies).

"Its configurability means Jerakano can easily load it with the policies and standards of practice that matter to individual enterprises — and help them implement these more effectively."

"In addition, Citicus ONE's approach using compact risk scorecards is highly-efficient and its reporting capabilities are outstanding, including its ability to track remediation activity through to completion. Thus we are really pleased that Jerakano has become a certified Citicus Implementation Partner."

What is Citicus ONE?

Citicus ONE is a web-based, risk and compliance management system. It measures the risk posed by information leakage, lack of integrity and unavailability, and can be used to measure and manage the risk posed by large or small-scale office systems, public-facing systems, payment systems, industrial control systems and IT infrastructure (eg data centres, networks). It can be applied equally well to other areas of operational risk (eg projects, sites, suppliers).

Citicus ICS is a specialized version optimized to measure the risk posed by industrial control systems (ICS), eg SCADA systems common in the process control environment.

Citicus ONE and Citicus ICS both measure risk and compliance via a continuing managed process using a methodology called FIRM that reflects 20 years of research into the factors that drive risk up or down and those which make risk programmes successful. This enables private and public sector organisations to measure the risk posed by their critical systems and compliance with good practice in a highly-efficient, objective and business-oriented manner.

About Citicus (

Citicus Limited was formed in 2000 by Simon Oxley, Sian Alcock and Marco Kapp (who led the development of FIRM. The company builds world-class automated risk management tools, derived from its collaborative development programmes, and provides education and training to help implement them successfully.

About Jerakano (

Jerakano Limited is a specialized information security management firm, offering consultancy services and contract assignments including assistance with implementing Citicus software; devising and configuring bases of evaluation; carrying out risk evaluations; and integrating the Citicus-based solution into an overall security management programme. Most of its team are 'Big Four' trained, with exposure to successful approaches adopted by hundreds of international organizations. They can therefore bring pragmatic, real world thinking to clients at a fraction of the 'Big Four' cost.

For more information, contact:

Simon Oxley, Citicus Limited
Tel: +44 (0) 1729 825 555

Marco Kapp, Citicus Limited
Tel: +44 (0)1306 742 072

Jason Creasey, Jerakano Limited
Tel: +44 (0) 1483 838 098

Citicus media relations
Tel: + 44 (0)20 7203 8405

Citicus® is a trademark of Citicus Limited, registered in the United Kingdom. Kindly ignore the (0) in telephone numbers if dialling from outside the UK.

Download PDF Back to News


Share this post