Virtual CISO as a Service (CaaS)

Services

Virtual CISO CaaS "blocks" are available in a variety of configurations based on desired weekly hours (five to twenty) and length of block (one month to one year). In addition, we offer a variety of specific information security services, including but not limited to:


Interim CISO: Need security executive coverage while conducting a search for the next permanent CISO? We can provide a virtual Chief Information Security Officer for continuity of operations and assist in the search and vetting of candidates.


Training: The human is the weakest link. We provide and manage online training to further your organization's information security awareness, reducing the risk of an information security incident caused by human error.


Information Security Risk Assessment: Information security is, at its core, risk management. Risks must be identified and prioritized so as to efficiently apply resources for mitigation. An Information Security Risk Assessment (ISRA) is the tool for managing and communicating risks to executive management and the Board of Directors. Without a solid ISRA, executives do not have a clear understanding of the information security risks they are ultimately responsible for, and staff have no direction on the risks to address. We can create and manage a complete and sustainable ISRA process.


Third-Party (Vendor) Reviews: Migrating to a cloud provider does not absolve an organization of its cyber security responsibilities. Controls must be assessed and confirmed to align with the corporate risk tolerance. Vendor information security reviews, including thorough review of SOC 1 and SOC 2 audit reports, are an essential element of proper information security risk management. Let us put our years of experience reviewing vendors to work for you.


Network Vulnerability Assessments and Web Application Scans: Testing is only the first step. Knowing what to prioritize for remediation, and where a compensating control is a better option than rectifying the primary control gap, saves time and cost and adds efficiency while improving security posture.


Cybersecurity Assessment Tool (Financial Institutions): Navigating and completing the FFIEC's Cybersecurity Assessment Tool (CAT) is a complicated process. With experience that includes participation in the development of the FSSCC Automated Cybersecurity Assessment Tool, we can help navigate all aspects of this de facto standard cyber security assessment for financial institutions.


ISO 27001/2 Gap Analysis: ISO 27001 is the most widely followed information security framework worldwide, covering all aspects of an information security program. As a rule of thumb, an information security program aligned with and adhering to ISO 27001 will satisfy most regulatory and standards compliance requirements. We can get you there.


IT Security Assessments: Does your organization's firewall ruleset make sense? Are your other IT controls maximized for protection? Our experienced vCISOs provide an independent review to verify IT controls or recommend changes, all while not impeding business operations.


Compliance With Regulations and Standards: Whether PCI, HIPAA, SOX, GDPR, NYS DFS, or another regulation or standard, we can help your organization achieve information security compliance.


Information Security Program / Policy Creation and Implementation: The Information Security Program document and associated policies form the foundation of an organization's information security program. We can design policies and standards (including RACI charts) to match your organization's needs and culture.


Business Continuity Plans: Stuff happens. Your business needs to survive unintended events. Let us work with you to create meaningful BIAs (Business Impact Analyses) to ensure continuity of operations, whatever the cause of the interruption.


Special Projects: Don't see what you need? Let us know - most likely we can help!


Contact us for a free consultation.