VCISO - Virtual Security Leadership

VCISO – Virtual Security Leadership

What is a Virtual CISO?

A vCISO is a managed security service for those organisations that don’t have the headroom to employ a full-time Chief Information Security Officer (CISO). A vCISO provides strategic information security leadership and guidance to an organisation in the form of a service contract.

In the current climate where security breaches are hitting the headlines on a near-daily basis, and with the requirements of GDPR, Boards and senior management need to have assurance their organisation has mitigated its information security risks.

Just need some security consultancy – we can help – click to get in contact

Is a vCISO security service expensive?

A virtual CISO managed security service model can be surprisingly cost-efficient as compared to an in-house model – even at scale. The key benefits are on-tap expertise, paying only for what you need and reduced information security risk. A vCISO service can also be a good option should you already know you have very little in place and want to get compliant very quickly.

We keep costs low by using a network of expert information security consultants which can expand and contract with demand. We then pass those savings on to you. If you are looking for specific expertise we have consultants with specialist knowledge and expertise in the domains of:

Cyber Security: Strategy, Application & Infrastructure Security, Third-Party Due Diligence, Supplier Audits, Risk Management, Data Leakage Prevention, Cloud Security, SIEM, Outsourced SOC, Vulnerability Management, Security Procurement, Identity & Access Management (IAM), Governance and Management Information, MI. PCI-DSS, Cyber Essentials, Cyber Essentials Plus.

Business Continuity: Disaster Recovery, Organisational Resilience, Business Impact Analysis (BIA), Risk Assessment (RA), Strategy Development, Continuity Plans, Testing, Crisis Management Exercises.

Change & Transformation: Training and Awareness, Bespoke Training, Certification, Business Analysis, Project Management, Programme Management, Risk Management, Procurement.

And many, many more! If you can’t find it above, just ask!

Contact Fox Red Risk

What’s included in the core vCISO Service?

The following are core components of the vCISO managed security service:

Advice and guidance on information security management
Contextual advice and guidance for penetration testing and other risk assessment activities
GAP analysis against a recognised information security management system (ISMS)
Board Presentations (as required)
Participation at Committee level (as required)
Employee Training & Awareness (including annual phishing test)
Annual Reviews

Contact Fox Red Risk

What are the variably costed aspects of the vCISO Managed Security Service?

Depending on the size and needs of your organisation, the following vCISO services can also be provided:

Advice and Guidance to in-house information security resources*
Third-Party Due-Diligence Assessments*
Information Security Strategy development
Information Security Policy Development
Development of Management Information and supporting framework
Support to Change Management as it relates to information security*
Support to the Audit Process*
Support to Projects as it relates to information security*
Support to Outsourcing / Procurement as it relates to Information Security*
Support to Incident Management*
Support to Forensic Investigations*

*in excess of the days/credits included as part of the core service

Contact Fox Red Risk

Transformation Programme Management

Don’t know where to start or don’t have the internal resources to manage your Information Security transformation programme? Fox Red Risk can help.

Contact Fox Red Risk

Want to know more from the UK Information Regulator

There are lots of useful guides and articles from the UK’s Data Protection Regulator. Click here to find out more: The Information Commissioner’s Office (ICO)

The ICO now have a dedicated line to help SMEs with ongoing GDPR compliance issues. This dedicated advice line offers help to small organisations preparing for the new data protection law, including the General Data Protection Regulation. The phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information.

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Blog: Data ethics and the digital economy

We’ve just appointed our first data ethics adviser, Ellis Parry, to consider data protection and ethics challenges over the next year.
Why special category personal data needs to be handled even more carefully

Imagine if your medical records, information about your sex life or your political opinions were put into the public domain so anyone could see them. When personal data is shared by mistake the […]
Bond Lecture 2019: ‘Access to Information in Turbulent Times’

Gill Bull, ICO’s Director of Freedom of Information Complaints and Compliance, speech at the British Records Association in London, 13 November 2019.
Information Commissioner reminds political parties they must comply with the law ahead of General Election

The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning
Live facial recognition technology – police forces need to slow down and justify its use

As far back as Sir Robert Peel, the powers of the police have always been seen as dependent on public support of their actions. It’s an ideal starting point as we consider uses of technology […]