VCISO - Virtual Security Leadership

VCISO – Virtual Security Leadership

What is a Virtual CISO?

A vCISO is a managed security service for those organisations that don’t have the headroom to employ a full-time Chief Information Security Officer (CISO). A vCISO provides strategic information security leadership and guidance to an organisation in the form of a service contract.

In the current climate where security breaches are hitting the headlines on a near-daily basis, and with the requirements of GDPR, Boards and senior management need to have assurance their organisation has mitigated its information security risks.

Just need some security consultancy – we can help – click to get in contact

Is a vCISO security service expensive?

A virtual CISO managed security service model can be surprisingly cost-efficient as compared to an in-house model – even at scale. The key benefits are on-tap expertise, paying only for what you need and reduced information security risk. A vCISO service can also be a good option should you already know you have very little in place and want to get compliant very quickly.

We keep costs low by using a network of expert information security consultants which can expand and contract with demand. We then pass those savings on to you. If you are looking for specific expertise we have consultants with specialist knowledge and expertise in the domains of:

Cyber Security: Strategy, Application & Infrastructure Security, Third-Party Due Diligence, Supplier Audits, Risk Management, Data Leakage Prevention, Cloud Security, SIEM, Outsourced SOC, Vulnerability Management, Security Procurement, Identity & Access Management (IAM), Governance and Management Information, MI. PCI-DSS, Cyber Essentials, Cyber Essentials Plus.

Business Continuity: Disaster Recovery, Organisational Resilience, Business Impact Analysis (BIA), Risk Assessment (RA), Strategy Development, Continuity Plans, Testing, Crisis Management Exercises.

Change & Transformation: Training and Awareness, Bespoke Training, Certification, Business Analysis, Project Management, Programme Management, Risk Management, Procurement.

And many, many more! If you can’t find it above, just ask!

Contact Fox Red Risk

What’s included in the core vCISO Service?

The following are core components of the vCISO managed security service:

Advice and guidance on information security management
Contextual advice and guidance for penetration testing and other risk assessment activities
GAP analysis against a recognised information security management system (ISMS)
Board Presentations (as required)
Participation at Committee level (as required)
Employee Training & Awareness (including annual phishing test)
Annual Reviews

Contact Fox Red Risk

What are the variably costed aspects of the vCISO Managed Security Service?

Depending on the size and needs of your organisation, the following vCISO services can also be provided:

Advice and Guidance to in-house information security resources*
Third-Party Due-Diligence Assessments*
Information Security Strategy development
Information Security Policy Development
Development of Management Information and supporting framework
Support to Change Management as it relates to information security*
Support to the Audit Process*
Support to Projects as it relates to information security*
Support to Outsourcing / Procurement as it relates to Information Security*
Support to Incident Management*
Support to Forensic Investigations*

*in excess of the days/credits included as part of the core service

Contact Fox Red Risk

Transformation Programme Management

Don’t know where to start or don’t have the internal resources to manage your Information Security transformation programme? Fox Red Risk can help.

Contact Fox Red Risk

Want to know more from the UK Information Regulator

There are lots of useful guides and articles from the UK’s Data Protection Regulator. Click here to find out more: The Information Commissioner’s Office (ICO)

The ICO now have a dedicated line to help SMEs with ongoing GDPR compliance issues. This dedicated advice line offers help to small organisations preparing for the new data protection law, including the General Data Protection Regulation. The phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information.

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

ICO statement in response to an announcement made by the Metropolitan Police Service on the use of live facial recognition
In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places. Our investigation found there was public support for police use of LFR […]
ICO attends the second ICIC FOI case handling workshop
Hosted by the Gibraltar Regulatory Authority, the annual workshop provides an opportunity for different jurisdictions across the globe to share working practices and ideas. ICO colleagues in […]
ICO publishes Code of Practice to protect children’s privacy online
Today the Information Commissioner’s Office has published its final Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s […]
ICO yn cyhoeddi Cod Ymarfer i ddiogelu preifatrwydd plant ar-lein
Heddiw, mae Swyddfa'r Comisiynydd Gwybodaeth wedi cyhoeddi ei Chod Dylunio Oed-briodol – sef set o 15 o safonau y dylai gwasanaethau ar-lein eu bodloni i ddiogelu preifatrwydd plant.
Blog: Adtech - the reform of real time bidding has started and will continue
The adtech real time bidding (RTB) industry is complex, involving thousands of companies in the UK alone.