Virtual Chief Information Security Officer

As part of our Assist services the Virtual Chief Information Security Officer (CISO) provides access to the capabilities required to respond to the threats of today and plan for those of tomorrow.

For some organisations hiring a Chief Information Security Officer (CISO) is simply cost prohibitive, and for others attracting and retaining the right talent is challenging. Either way, the impact of a cyber-attack or data breach can still be significant.

Often what is required is simply access to the right capabilities at the right time.

Strategy

Align business, information and cyber risk strategy, innovate and define roadmap. Manage risk through targeted investments

Threat Management

Understand the threat landscape, identify critical assets and manage the effectiveness of cyber risk treatment

Advisory

Educate, advise and influence activities across the business, ensuring cyber risks are understood and managed effectively

Technology

Define and embed security standards, assess and implement security technologies to develop capabilities

Whilst some organisations may have strong technical capabilities but lack board engagement, others may require an increased focus on understanding their threat landscape or on developing technical standards. During the on-boarding process your business strategy, regulatory and threat landscape and existing structures and capabilities are reviewed. This ensures the resulting service is tailored to your specific needs, and delivers relevant business benefit by integrating with your existing capabilities.

Our Approach

Our Virtual CISO is delivered through a blend of on-site and remote support, including voice or video calls and email. The service is comprised of a one-off on-boarding process followed by a delivery model designed to meet your specific requirements.

The on-boarding process ensures the service is tailored to your specific requirements. This includes the following:

  • Strategy: Reviewing business strategy, and regulatory and legislative landscape.
  • Threat Management: Reviewing business model and operations to understand the threat landscape
  • Advisory: Identifying in-flight programmes and projects that are impacted by information, cyber and privacy risks.
  • Technology: Reviewing current capabilities and their effectiveness in supporting those needs.

Once the on-boarding process is complete, the scope and objectives of the Virtual CISO will be documented in a service description. Using a fixed monthly charge and/or fixed rate you can ensure you have access to the right capabilities.

Your Benefit

The Virtual CISO service ensures businesses have access to the right security capabilities, at the right time, through an on-demand model:

  • Lower cost: pay for the support required
  • Address market demand: access the capabilities quickly, reducing time and cost of attracting and retaining talent
  • Improve maturity: deliver effective improvements to security posture through a breadth of experience
  • Existing capability: leverage current investment in expertise and technology to enhance security

The Engagement

The Virtual CISO is based on two elements, the on-boarding process and the ongoing delivery.

  • On-boarding: fixed price engagement, 5 days effort. Output of which is the service description and agreed monthly effort.
  • Monthly Service Charge: Based on client requirements, this will include a combination of onsite and remote support

ICA Consultancy provides advisory and consultancy services, and virtual resourcing (Virtual CISO, DPO etc.) engagements, helping organisations identify, manage and mitigate information, cyber and privacy risks.

© All rights reserved