Virtual CISO – Affordable Security Leadership
What is a Virtual CISO Service?
A Virtual CISO is a managed security service for those organisations that don’t have the headroom to employ a full-time Chief Information Security Officer (CISO). A vCISO provides strategic information security leadership and guidance to an organisation in the form of a service contract.
In the current climate where security breaches are hitting the headlines on a near-daily basis, and with the requirements of GDPR, Boards and senior management need to have assurance their organisation has mitigated its information security risks.
Is a vCISO security service expensive?
A virtual CISO managed security service model can be surprisingly cost-efficient as compared to an in-house model – even at scale. The key benefits are on-tap expertise, paying only for what you need and reduced information security risk. A vCISO service can also be a good option should you already know you have very little in place and want to get compliant very quickly.
We keep costs low by using a network of expert information security consultants which can expand and contract with demand. We then pass those savings on to you. If you are looking for specific expertise we have consultants with specialist knowledge and expertise in the domains of:
Cyber Security: Strategy, Application & Infrastructure Security, Third-Party Due Diligence, Supplier Audits, Risk Management, Data Leakage Prevention, Cloud Security, SIEM, Outsourced SOC, Vulnerability Management, Security Procurement, Identity & Access Management (IAM), Governance and Management Information (MI), PCI-DSS, Cyber Essentials, Cyber Essentials Plus.
Business Continuity: Disaster Recovery, Organisational Resilience, Business Impact Analysis (BIA), Risk Assessment (RA), Strategy Development, Continuity Plans, Testing, Crisis Management Exercises.
Change & Transformation: Training and Awareness, Bespoke Training, Certification, Business Analysis, Project Management, Programme Management, Risk Management, Procurement.
And many, many more! If you can’t find it above, just ask!
What’s included in the core Virtual CISO Service?
The following are core components of the vCISO managed security service:
- Advice and guidance on information security management
- Contextual advice and guidance for penetration testing and other risk assessment activities
- GAP analysis against a recognised information security management system (ISMS)
- Board Presentations (as required)
- Participation at Committee level (as required)
- Employee Training & Awareness (including annual phishing test)
- Annual Reviews
What are the variably costed aspects of the vCISO Managed Security Service?
Depending on the size and needs of your organisation, the following vCISO services can also be provided:
- Advice and Guidance to in-house information security resources*
- Third-Party Due-Diligence Assessments*
- Information Security Strategy development
- Information Security Policy Development
- Development of Management Information and supporting framework
- Support to Change Management as it relates to information security*
- Support to the Audit Process*
- Support to Projects as it relates to information security*
- Support to Outsourcing / Procurement as it relates to Information Security*
- Support to Incident Management*
- Support to Forensic Investigations*
*in excess of the days/credits included as part of the core service
Transformation Programme Management
Don’t know where to start or don’t have the internal resources to manage your Information Security transformation programme? Fox Red Risk can help.
Want to know more from the UK Information Regulator?
There are lots of useful guides and articles available from the UK’s Data Protection Regulator, The Information Commissioner’s Office (ICO).
The ICO now have a dedicated line to help SMEs with ongoing GDPR compliance issues. This dedicated advice line offers help to small organisations preparing for the new data protection law, including the General Data Protection Regulation. The phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information.