Virtual CISO – Affordable Security Leadership

What is a Virtual CISO Service?

A Virtual CISO is a managed security service for those organisations that don’t have the headroom to employ a full-time Chief Information Security Officer (CISO). A vCISO provides strategic information security leadership and guidance to an organisation in the form of a service contract.

In the current climate, where security breaches are hitting the headlines on a near-daily basis, and with the requirements of GDPR, Boards and senior management need assurance that their organisation has mitigated its information security risks.

Is a vCISO security service expensive?

A virtual CISO managed security service model can be surprisingly cost-efficient compared with an in-house model – even at scale. The key benefits are on-tap expertise, paying only for what you need, and reduced information security risk. A vCISO service can also be a good option if you already know you have very little in place and want to get compliant very quickly.

We keep costs low by using a network of expert information security consultants that can expand and contract with demand. We then pass those savings on to you. If you are looking for specific expertise, we have consultants with specialist knowledge in the domains of:

Cyber Security: Strategy, Application & Infrastructure Security, Third-Party Due Diligence, Supplier Audits, Risk Management, Data Leakage Prevention, Cloud Security, SIEM, Outsourced SOC, Vulnerability Management, Security Procurement, Identity & Access Management (IAM), Governance and Management Information (MI), PCI-DSS, Cyber Essentials, Cyber Essentials Plus.

Business Continuity: Disaster Recovery, Organisational Resilience, Business Impact Analysis (BIA), Risk Assessment (RA), Strategy Development, Continuity Plans, Testing, Crisis Management Exercises.

Change & Transformation: Training and Awareness, Bespoke Training, Certification, Business Analysis, Project Management, Programme Management, Risk Management, Procurement.

And many, many more! If you can’t find it above, just ask!

What’s included in the core Virtual CISO Service?

The following are core components of the vCISO managed security service:

  • Advice and guidance on information security management
  • Contextual advice and guidance for penetration testing and other risk assessment activities
  • Gap analysis against a recognised information security management system (ISMS)
  • Board Presentations (as required)
  • Participation at Committee level (as required)
  • Employee Training & Awareness (including annual phishing test)
  • Annual Reviews

What are the variably costed aspects of the vCISO Managed Security Service?

Depending on the size and needs of your organisation, the following vCISO services can also be provided:

  • Advice and Guidance to in-house information security resources*
  • Third-Party Due-Diligence Assessments*
  • Information Security Strategy development
  • Information Security Policy Development
  • Development of Management Information and supporting framework
  • Support to Change Management as it relates to information security*
  • Support to the Audit Process*
  • Support to Projects as it relates to information security*
  • Support to Outsourcing / Procurement as it relates to Information Security*
  • Support to Incident Management*
  • Support to Forensic Investigations*

*in excess of the days/credits included as part of the core service

Transformation Programme Management

Don’t know where to start or don’t have the internal resources to manage your Information Security transformation programme? Fox Red Risk can help.

Ready to have a conversation?

JUST IN TIME PRIVACY: We collect the above information in line with our Privacy Policy (see main menu) in order to supply you with the information requested. We will not send you unsolicited marketing materials. We will retain your contact information for no more than 6 months unless you choose to engage us in services.

Full policy here: https://foxredrisk.com/privacy-policy/