Virtual Chief Information Security Officer (vCISO)


Everyone knows that there are things you should be doing that make your business more secure. You should have a firewall. You should have anti-virus. You should have a security policy in place that says you have a firewall and anti-virus.

 

Those are all great, but they are piecemeal actions designed to check a box so you can tell people that you take security seriously. Is this another box you can check: “It’s So and So’s job to maintain all of that”?

 

Enter the vCISO Team….

 

A vCISO Team is an innovative approach for businesses that have a finite budget to support dedicated security professionals, tactical expertise in evaluating company policies, or crafting new strategies to address specific obstacles. Our vCISO team shifts the approach from “checking boxes” to building programs and crafting a workflow methodology that ensures those boxes will always be checked. But it is certainly not just about the check-boxes; it is about crafting a corporate philosophy that takes a more holistic approach to the business, the reputation of the business and the risks associated with running that business. Our team will know exactly what the biggest risks are to your company and build programs to directly address those risks.

 

Our vCISO Team is not virtual in the sense that it is some elaborate computer program deployed to a business like we have seen in movies. The vCISO team provides cyber & physical security expertise in place of a full-time staffer or staffers for a fraction of the cost. Our first priority is to understand the complete organizational structure, its mission and its overall presence in the world; then we go to work!

 

The vCISO Solution

What your business will gain from using our team is much more important.

  1. Honest Assessment of your Security Strengths and Weaknesses as a Company.  Everyone wants to believe they already know this, but we also know that the critical eye of an industry professional can alter one’s own perception.
  2. Shift Your Security Stance from Reactive to Proactive. Reacting to threats such as AdWare or RansomWare on a daily basis can be costly, from solving that direct problem to the hourly expense of the tech tasked with fixing it…and those are the easy solutions. What happens when your network runs up against a Brute Force Attack? Implementing policies and systems that address future threats while mitigating today’s problems is a more solid foundation to operate from.
  3. Develop a Roadmap to Success. What are the key Security risks to your business right now and how does vCISO set about solving them in a concrete timeline? What are your long-term opportunities and are you on the path to realizing them?
  4. Craft a Culture of “Compliance”. Compliance can be different things to different businesses, but it adds to the solid foundation you are already working on building.
    • Creating a culture of compliance simply means that we help you establish a list of parameters to achieve and then we help you deploy the best processes to achieve those measurable goals.
    • It may also mean a specific industry framework that has been established or will be required for certain industries. If you are a defense contractor, we will position you to be DFARS or ITAR compliant. Other frameworks include GDPR, NIST 800-53, CSC20, etc.
  5. Think in Terms of Verification. It is no longer good enough to say you are HIPAA compliant or that you update your anti-virus daily; you need to prove it. Adding verification capability into your communication plan will directly support a Culture of Compliance and improve the workflow in your Roadmaps. It may also prove to be an invaluable asset in business development. (And we like new revenue streams!)

 

 

Engaging vCISO

Each vCISO engagement is customized to the client but adheres to the fundamental five principles.

Program Structure:

  • 12 Month minimum life cycle