Ongoing virtual CISO services plans are offered over several levels:
Note, these are examples. Each level is customizable depending on industry and engagement goals. Call (833) VCISOSV (833-824-7678) to schedule a free consultation to determine what solution is right for your organization.
In addition, we offer a variety of specific project-based engagements, including:
Small and Midsized Business Online Assessment: Do you need a high-level assessment of your information security posture? When you answer our online security assessment questions, a virtual CISO provides feedback and recommendations. There is no more cost-effective way to obtain meaningful CISO advice.
Governance, Risk, and Compliance (GRC): Our eramba managed GRC service enables tracking and dashboard reporting on information security risks, compliance with various frameworks and regulations, asset management, and tracking of incidents. Clients have visibility into their program's KPIs via a secured website. May be added to any package above for an additional fee.
Training: The human is the weakest link. As a KnowBe4 partner, our virtual CISOs provide and manage online training to further your organization's information security awareness, reducing the risk of an information security incident caused by human error. May be added to any package above for an additional fee.
Information Security Risk Assessment (Qualitative): Information security is, at its core, risk management. Risks must be identified and prioritized so as to efficiently apply resources for mitigation. An Information Security Risk Assessment (ISRA) is the tool for managing and communicating risks to executive management and the Board of Directors. Without a solid ISRA, executives do not have a clear understanding of the information security risks they are ultimately responsible for, and staff have no direction on the risks to address. A virtual CISO will create and manage a complete and sustainable ISRA process.
Information Security Risk Assessment (Quantitative): Qualitative risk assessments are great at identifying and prioritizing the highest information security risks but, as a subjective approach, cannot convey true exposure. An Open FAIR™ licensed quantitative risk assessment performed by an Open FAIR™ qualified virtual CISO provides a cost range of risk exposure. Requires a qualitative risk assessment. May be added to any package above for an additional fee.
GDPR Readiness Assessment: Concerned about the General Data Protection Regulation? A virtual CISO can analyze your information flows and provide an assessment of your organization's readiness to comply with the GDPR.
ISO 27001/2 Gap Analysis: ISO 27001 is the most widely followed information security framework worldwide, covering all aspects of an information security program. As a rule of thumb, an information security program aligned with and adhering to ISO 27001 will satisfy most regulatory and standards compliance requirements. Our virtual CISO can get you there.
IT Security Assessments: Does your organization's firewall ruleset make sense? Are your other IT controls maximized for protection? Our experienced virtual CISOs provide an independent review to verify IT controls or recommend changes, all while not impeding business operations.
Information Security Program / Policy Creation and Implementation: The Information Security Program document and associated policies form the foundation of an organization’s information security program. A virtual CISO will design policies and standards (including RACI charts) to match your organization’s need and culture.
Business Continuity: Stuff happens. Your business needs to survive unintended events. Let one of our virtual CISOs work with you to create meaningful BIAs and conduct effective table-top exercises to ensure continuity of operations, whatever the cause for the interruption.
Third-Party (Vendor) Reviews: Migrating to a cloud provider does not absolve an organization of its cyber security responsibilities. Controls must be assessed and confirmed to align with the corporate risk tolerance. Vendor information security reviews, including thorough review of SOC1/2 audit reports, are an essential element of proper information security risk management. Our virtual CISOs' years of experience reviewing vendors will work for you.
Network Vulnerability Assessments and Web Application Scans: Testing is the first step. Knowing what to prioritize in remediation and what compensating controls may work better than rectifying the primary control gap can save time and cost and add efficiency while increasing security posture.
Penetration Testing: A highly skilled penetration tester will attempt to discover and exploit vulnerabilities, and a virtual CISO will work with your team to understand and address the gaps found.
Cybersecurity Assessment Tool (Financial Institutions): Navigating and completing the FFIEC’s Cybersecurity Assessment Tool (CAT) is a complicated process. With experience including participation in the development of the FSSCC Automated Cybersecurity Assessment Tool, our virtual CISOs can help navigate all aspects of this de-facto standard cyber security assessment for financial institutions.
Compliance With Regulations and Standards: Whether PCI, HIPAA, SOX, GDPR, FERPA, NYS DFS, or another regulation or standard, our virtual CISOs can help your organization achieve information security compliance.
Data Mapping Exercises: Where is your data? How is it protected? A data mapping exercise led by a virtual CISO skilled in privacy concerns will answer these questions and reveal gaps in controls - and is required for GDPR.
Special Projects: Don't see what you need? Let us know, we may be able to assist.
Call us at (833) VCISOSV (833-824-7678) for a free virtual CISO consultation. vCISO services are currently available for United States and United Kingdom businesses.