Virtual Chief Information Security Officer (VCISO)
Could an on-demand virtual CISO (vCISO) be the answer to your information security prayers? The vCISO provides an outsourced security practitioner from IntaForensics, who offers their time and insight to an organisation on an ongoing basis, usually part-time and remotely. Naturally, the vCISO from IntaForensics lends itself well to start-ups and growing businesses, with limited budget for cyber security. vCISOs are the best fit for larger small to medium sized enterprises (SMEs), for supplementing the existing management team or simply as an interim solution. IntaForensics vCISO’s provide qualified information security consultants with any one of the following; ISO27001 Lead Auditor, ISO22301 Lead Auditor, CISSP, CISM or PCI DSS QSA.
The vCISO can help your organisation to pull together security policies, guidelines and standards. That could entail anything from coming to grips with Cyber Essentials, Due Diligence, ISO 27001 or PCI compliance, to staying on top of vendor risk assessment. We can also help recruit, set security strategies, procure solutions, remediate incidents, and put foundations in place for ISO 27001 and 9001 compliance. We can also assist with bring-your-own-device (BYOD) policy and enforcement, coaching newly established CISOs, or even managing the board relationship while full-time CISOs “keep the lights on.”
As part of the extensive range of services we currently offer, our vCISO platform is becoming increasingly popular with clients who may not have the resources, budget or expertise to fulfil the growing responsibilities now demanded of a CISO role. In addition, many SMEs do not require a full-time dedicated CISO post and this is where IntaForensics can certainly assist. Our vCISO experts are able to provide their expertise, industry knowledge and advice from years of relevant experience.
A key element in our offering is the organisational independence. Whilst our vCISOs embed themselves within your organisation they do not have any ties with the organisation so they can therefore provide completely agnostic views and recommendations without getting tied up in regular office politics etc.
Some of the many areas covered by our vCISOs are listed below, but services are generally tailored for each client to ensure we achieve the best return on your investment.
- Owner and Operator of the Governance of Information Security – e.g. as chairperson of meetings;
- Owner of the Information Security Policies;
- A key stakeholder in Information Security Risk management;
- A key stakeholder in risk treatment/toleration/transfer (or termination) options;
- Stakeholder in the tools and processes that may impact on the CIA;
- Provider of Internal consultation service – directly and through suppliers;
- Support within Incident Management scenarios;
- Raising of emergent trends, risks and “best practices”;
- A champion of effective and safe business operation.
Three numbers that don’t look too important, but they are actually one of the first lines of defence in the […]Read More
I can honestly say that your excellent customer service and communication has made our forensic instructions to you exceptionally easy.