Practical information security program guidance

For small and very small businesses making information security decisions with limited time and resources

Start with clarity to make better information security decisions

I help small and very small businesses make better-informed decisions about their information security program, so that effort and investment lead to meaningful risk reduction and stronger recovery readiness.

No obligation. The assessment is designed to be useful on its own.

The assessment helps to:

  • Clarify what matters most right now
  • Identify gaps
  • Prioritize improvements by risk and impact
  • Improve readiness for incidents and recovery
  • Get a security program started or improved


This system provides a practical structure for planning, evidence, and confident decisions

The Trust Assessment

Work typically begins with a Trust Assessment. This is a short, focused review designed to establish orientation and clarity before detailed work begins.

It looks at how information security actually shows up in day-to-day operations, across people, process, proof, and partners. The goal is not to score or audit, but to understand what is in place today and what level of confidence that supports.

This provides a clear starting point for deciding what matters most next, whether that means taking no further action or moving forward deliberately.

Pre-built governance for durable decisions

TrustHarbor includes pre-built governance that helps turn informed decisions into a coherent, manageable information security program.

Rather than starting from scratch, this governance provides a practical structure for defining roles, priorities, evidence, and accountability. It allows decisions to be recorded, explained, and revisited over time as the business, systems, or risks change.

The goal is not bureaucracy or overbuilding, but consistency, clarity, and confidence as the program evolves.

TrustHarbor does not require replacing existing governance. Where appropriate, current policies, documentation, or practices can be utilized or incorporated and aligned.

Why information security is challenging

  • Information security is widely understood to be important, but turning that into effective decisions and action is not straightforward
  • Advice is fragmented and standards can feel overwhelming
  • Solutions promise protection but rarely clarify what matters in your specific context
  • Business owners need support to identify what matters most and act with confidence

A practical structure helps focus attention, guide investment, and support timely, confident decisions.

A decision support system

To address these challenges, I use a practical decision support and governance system grounded in recognized standards and real-world experience.

That system is TrustHarbor. It provides a clear structure for making informed decisions about priorities, investment, and next steps.

TrustHarbor is not a checklist or a compliance exercise. It is guidance designed to help ensure effort and investment lead to meaningful risk reduction and stronger recovery readiness.

In practice, TrustHarbor helps:

  • define a practical and manageable information security program
  • align security effort with business priorities
  • support and measure defensible investment
  • improve compliance and readiness for incidents and recovery

Benefits of a TrustHarbor-informed program

When information security decisions are clear and deliberate, the program becomes easier to manage and sustain.

  • Confidence in answering “are we covered?”
  • Clarity on what to do next
  • Ongoing insight into how well the security program is working
  • A security program that evolves with the business and emerging threats

How engagements typically begin

Most engagements begin with a short, focused assessment to understand the business context, current practices, and the decisions that matter most right now.

The goal is not to score or audit, but to establish a clear baseline and identify where attention and investment are most likely to matter.

This initial step is designed to be low-effort and useful on its own, whether or not any further work follows.

The initial assessment provides:

  • an indication of current program maturity
  • clarity on immediate priorities
  • a shared understanding of gaps and risks
  • an informed basis for deciding next steps

A simplified view of the TrustHarbor system structure.

Is this a good fit?

This is a good fit for business owners looking to improve information security in a practical, proportionate way. It is likely a good fit if you:

  • want clearer guidance on what to do next
  • prefer practical decisions over theoretical completeness
  • need to balance security with limited time and resources
  • want a program that can evolve with the business
  • value clarity when working with partners or advisors

If you are unsure about fit, the short assessment is often enough to clarify whether this approach would be useful in your context.

A practical next step

Improving information security does not require doing everything at once. It starts by identifying and understanding what matters most right now, and making a small number of well-supported, often affordable, decisions.
