Virtual CISO
DO YOU HAVE A TOP-TIER SECURITY EXPERT AVAILABLE AS CISO WITH YOU?
ONE OF THE BOARDROOM DISCUSSIONS IS SECURITY Information security is increasing in importance, but not all organizations can afford to hire a chief information security officer or experts in security. RADKRICS has focused on information security and we have a team of experienced security experts who can be a virtual Chief Information Security Officer (vCISO) to bridge this gap.
vCISO – WHY DO YOU REALLY NEED ONE?
Information security is one of the strategic goals. The continuously changing threat landscape and sophistication of threat actors impacts the timing of decision making and readiness of security teams, creating huge challenges even for fulltime staff. CISOs are on the frontline of cyber defense. A failure at the frontline can lead to a data breach and have a catastrophic impact on business operations.
WHAT DOES THIS SERVICE DO
THE EXPECTED OUTCOME
WHAT IS INCLUDED IN THE SERVICE?
- Review the existing security strategy and framework
- Prepare a security strategy in consultation with the CISO or CIO
- Review the existing information security policies and procedures
- Manage the risk register
- Provide a security implementation roadmap
- Build a governance and compliance program
- Be an auditee of the external audit
- Be an information security advisor to the senior
- executives
TYPICAL ENGAGEMENT
The vCISO service can be availed in terms of number of hours in a year. For an effective outcome of the service, the vCISO shall be engaged for a minimum of 35 hours in a month.
There are two levels of engagement; Level One and Level Two In a Level ONE engagement, the vCISO acts as a strategic information security advisor and performs the below activities with the help of your information security team
Cyber Security Risk Assessment
| # | Activity | Outcome |
|---|---|---|
| 1 | Plan information security strategy | Strategy Document |
| 2 | Oversee the implementation of the information security initiatives | Support and recommend solutions |
| 3 | Chair the steering committee meetings | Setting the direction and re-alignment, provide expert suggestions to enable executive decisions |
| 4 | Yearly review of the Information Security Policies and Procedures | Reviewed policies with closure of identified documentation gaps |
| 5 | Review and track the closure of vulnerabilities | Monthly Vulnerability Dashboard |
| 6 | Review and track the closure of Risks | Monthly Risk Dashboard |
| 7 | Manage the compliance program | Quarterly Compliance Dashboard |
| # | Activity | Outcome |
|---|---|---|
| 1 | Perform information security gap assessment to determine the inherent risk and the current state of the organization | Gap assessment report and the roadmap for the closure of the risks identified |
| 2 | Perform vulnerability assessment and penetration testing | VA and PT report |
| 3 | Plan information security strategy | Strategy Document |
| 4 | Implement the closure of gaps identified (closure of technology gaps is dependent on the organizational spend on the information security program) | Weekly project update towards closure of the gaps |
| 5 | Oversee the implementation of the information security initiatives | Support and recommend solutions |
| 6 | Derive compliance checks and perform monthly compliance assessment | Compliance reports |
| 7 | Manage the compliance program | Quarterly Compliance Dashboard |
| 8 | Chair the steering committee meetings | Setting the direction and re-alignment. Provide expert suggestions to enable executive decisions |
| 9 | Review and track the closure of vulnerabilities | Monthly Vulnerability Dashboard |
| 10 | Yearly review of the Information Security Policies and Procedures | Reviewed policies with closure of identified documentation gaps |
| 11 | Review and track the closure of Risks | Monthly Risk Dashboard |