Virtual CISO Service
The Challenge
Organisations are becoming increasingly aware of the growing information security risks, but many face challenges in managing these, be that to their relative size, budget constraints or limited security resources.
Organisations need access to experts who specialise in the wide variety of threats they face, who can offer tailored services to their needs. However, it’s often the case that organisations either can’t recruit dedicated resources due to the scarcity of good candidates or the associated cost of them, or that internal resources just can’t keep up with the changing security landscape to provide comprehensive assurance.
As a result, many organisations are now wanting a managed service to support their information security activities in a proportionate way.
The Solution
As part of our market leading Catalyst Services offerings, in conjunction with our partners, we have developed a unique solution to answer this challenge. Our partners are experienced to be your single port of call for security, and meet this requirement through the provision of a virtual Chief Information Security Officer (vCISO).
The vCISO will lead and govern information security activities alongside assembling tailored solutions for your specific challenges ranging from policy implementation and compliance, to technical vulnerability management and incident response.
The vCISO operates as an integrated member of your team to enable you to focus on your core business activities, and still progress key security initiatives whilst only paying for the time and effort you need.
The Approach
1. Define & Agree Priorities
We will work with you to define and agree priorities for information security. These may already be
articulated. If not, we will perform a high-level risk or maturity assessment to inform these.
2. Establish Governance Arrangements
We will identify the stakeholders and establish the cadence for governance meetings to put in place the mechanisms to direct and support information security activities.
3. Delivery & Oversights
We will administer the governance meetings to ensure progress is being made as well leading on discreet activities as required, drawing on the wider Ignition team as appropriate.
The Activities We Support
Alongside establishing and administering governance arrangements, we will lead on and deliver key initiatives and discreet projects to drive information security progress. Typically this might include the following.
Developing approach to staff education and awareness
Responding to internal or client audit requirements
Defining security tooling requirements and options
Developing and/or updating policies and standards
Developing and implementing user access reviews
Reviewing and monitoring cloud platforms