Let Cybersecurity Become Part of Your Company Culture

The Canvas Method for Information Security actively engages teams in risk identification and risk treatment.This heightens risk awareness and responsible behaviour throughout the organisation, and enables teams to make the right cybersecurity decisions.The Canvas Method helps internalise security norms and bridge the gap between compliance and business goals.

Get the Free Templates

We don't send spam and won't
share your data with anyone

Mastering Cybersecurity

The Canvas Method for Information Security will help you:

  • Establish risk awareness throughout the organization

  • Enable teams to make the right cybersecurity decisions

  • Create priorities based on actual risks

See the Canvas Method in Action

See how the Canvas Method establishes Information Security Management through a structured dialogue about risks and controls.

About the Canvas Method

The Canvas Method for Information Security was created by Richard Kranendonk as a tool for implementing a continuous and structured dialogue between business and security professionals.Richard studied organizational psychology in Amsterdam, worked in IT for 20 years, and now applies his knowledge and skills to bridge the gap between privacy and security frameworks and business goals.
Companies like Booking.com, Ultimaker, and Roche have used his services.

Do you want to learn how
the Canvas Method can
benefit your organization?

Canvas Method Workshops

Book a workshop for your team and learn how to implement the Canvas Method for Information Security in your own organization.

The Information Security Canvas © 2023 is licensed under CC BY-SA 4.0.

{1} Identify

Use the Risk Identification Canvas to identify information security risks:

  • Identify risk sources in your team's context and work processes

  • Discuss information security risks arising from these sources

  • Decide on risk treatment

{2} Control

Use the Controls Specification Canvas to specify risk mitigating measures:

  • Specify controls to mitigate identified risks

  • Define methods and target values to establish control effectiveness

{3} Implement

Use the Controls Implementation Board to implement an ISO 27001 compliant PDCA cycle for your security management:

  • Create a clear overview of security goals, and the controls to achieve them

  • Follow the implementation status for each control

  • Achieve continuous improvement

{4} Improve

Use the Information Security Monitor to ensure the effectiveness and compliance of security controls:

  • Discuss recent incidents and their root causes

  • Identify additional controls to prevent future incidents

  • Report on effectiveness of controls

  • Set actions for further improvements

Canvas Method Workshops

In 2 online workshops of 2 hours each, we will take you through the Canvases as they apply to your own organization.

  • You will learn the basics of information security and risk management.

  • You will learn how to interactively identify and analyse risks, specify controls, create policies and define security metrics.

  • You will learn how to handle incidents and nonconformities, evaluate the effectiveness of your information security risk management, and identify improvements.

After the workshops, you will be able to implement the Canvas Method for Information Security in your own organization.

🚀 Launch offer for 2 workshops: €995
Normal price is €1990

Thank you!

We will contact you promptly