Security Advisory Service – The CISO’s SAS!
The Fox Red Risk Security Advisory Service is exactly what it says on the tin – security as a service. It is a managed security service for those Heads of Information Security or Chief Information Security Officers that don’t have the capacity or headcount within their in-house information security teams to perform all the assurance activities they wish they could. The Security Advisory Service provides support and guidance to the CISO on a wide range of information security issues in the form of a service contract. If you don’t yet have a CISO, you may wish to consider the Virtual CISO (vCISO) service instead.
In the current climate where security breaches are hitting the headlines on a near-daily basis, Boards and senior management need to have assurance their organisation has mitigated its information security risks.
If you are looking for specific cyber-security consultancy, we have cybersecurity consultants with specialist knowledge and expertise in the domains of:
Cyber Security: Strategy, Application & Infrastructure Security, Third-Party Due Diligence, Supplier Audits, Risk Management, Data Leakage Prevention, Cloud Security, SIEM, Outsourced SOC, Vulnerability Management, Security Procurement, Identity & Access Management (IAM), Governance and Management Information (MI), PCI-DSS, Cyber Essentials, Cyber Essentials Plus.
Business Continuity: Disaster Recovery, Organisational Resilience, Business Impact Analysis (BIA), Risk Assessment (RA), Strategy Development, Continuity Plans, Testing, Crisis Management Exercises.
Change & Transformation: Training and Awareness, Bespoke Training, Certification, Business Analysis, Project Management, Programme Management, Risk Management, Procurement.
And many, many more! If you can’t find it above, just ask!
What’s included in the core Security Advisory Service?
The following are core components of the Security Advisory Service:
- Coaching and Mentoring for new CISOs – bounce your issues off an expert in complete confidence!
- Advice and guidance on all aspects of information security – SIEM not your strong point, no problem!
- Written opinions of information risk management
- GAP analysis against a recognised information security management system (ISMS) such as ISO 27001 or NIST 800-53
- Support in developing your Information Security Policies
What are the variably costed aspects of the Security Advisory Service?
Depending on the size and needs of your organisation, the following Security Advisory Services can also be provided:
- Third-Party Due-Diligence Assessments*
- Application Security Risk Assessments*
- Cloud Migration Risk Assessments*
- Crisis Management Simulations
- Security Procurement
- Support in developing your Information Security Strategy
- Support to Change Management as it relates to information security*
- Support for Projects as it relates to information security*
- Support for Incident Management*
- Support for Forensic Investigations*
- Support to the Audit Process*
*in excess of the days/credits included as part of the core service
Is a Security Advisory Service expensive?
A Security Advisory Service model can be surprisingly cost-efficient compared to an in-house model – even at scale. The key benefits are on-tap expertise, paying only for what you need and reduced information security risk. A Security Advisory Service can also be a good option if you, as the CISO, know you have very little in place and want to hit the ground running.
We keep costs low by using a network of expert information security consultants which can expand and contract with demand. We then pass those savings on to you.
Transformation Programme Management
Don’t know where to start or don’t have the internal resources to manage your Information Security transformation programme? Fox Red Risk can help.