As a pure Cyber Security and Risk Management Firm, Secur has the ability to offer the option of becoming an organization’s ‘Virtual’ Chief Information Security Officer. Many organizations either cannot afford their own information security department or would rather invest in having a dedicated firm working with them to meet their needs. As the landscape for cyber breaches and malicious actors continues to increase, companies will need experienced professionals to mitigate these risks.
As an industry-leading consultancy, Secur is keen to assist businesses in achieving a goal of Best Security Practices. Secur is able to provide consulting services as well as security testing and wider information assurance services. At Secur we are committed to providing tailored solutions and services in an efficient, timely manner to help our clients understand the risks to their business.
What is a “Virtual” Chief Information Security Officer (Virtual CISO)?
The role of a Chief Information Security Officer is to align security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. Secur has the expertise and capability to take on the role of a client’s Chief Information Security Officer. Secur’s Security Consultants have the ability to advise on each of the following topics.
- Required trusted advice from globally-recognised experienced professionals.
- Wanted a vendor-neutral perspective, not just someone selling services.
- Did not have a full time requirement for a security executive.
- Wanted the V-CISO to become an extension of their business.
- Wanted the V-CISO to understand office politics and the intricacies of human relationships. A strong stakeholder manager.
- Wanted the V-CISO to help align their business against international best practices and standards.
Attendance at regular Security Management Meetings; provide assistance, guidance and direction as required on the following:
- Regular review of security breaches and security performance
- Review the Information Security Risk Register and Risk Assessment Process
- Review and measure effectiveness of Risk Management controls
- Develop the company risk appetite statement
- Evaluations of new security products, controls and processes
Risk Management is vital to every organization. Understanding the risks associated with your industry, what you need to protect, and where your threats are will allow for the proper controls to be put in place to mitigate these risks.
- Review Risk Assessment process and maturity
- Provide education, assistance and help with the Risk Assessment process and Operational Owners of Risks
- Review the Risk Management process and assist with guidance and help around decisions are required
Develop Data Policy with board, locations and retention process.
Third-Party Assurance / Supplier Audits
Dependencies on 3rd parties can often be overlooked in security terms. However, the access, privileged and responsibilities of these parties can often provide the weakest link in an organization’s security posture.
Secur can advise, review and conduct Supplier Audits on behalf of the customer.
- Identify and review the current 3rd party supplier list
- A review of the current supplier IT Security assurance processes
- Review of the Policy and Procedures
- Assist the customer with identifying risks presented by current 3rd party suppliers and rank
Train internal audit staff or conduct on behalf of relevant Supplier Audits
What is the vCISO process?
The 100-hour startup process is broken down by day
- Day One – Onsite Assessment
- Day 7 – Conduct initial planning, establish timelines, 5 top issues
- Day 14 – Security Assessment
- Day 30 – Inventory security skill sets, establish a program vision and formalize security charter
- Day 60 – Identify and implement team security objectives
- Day 90 – Business Continuity and Disaster Recovery planning
- Daily, Weekly, Monthly
When vCISO guidance could be invaluable
- Planning security audits, assessments and reviews
- Developing a threat management strategy
- Achieving compliance with the latest security standards
- Procuring new security products and services
- Recruiting and training IT and security personnel
- Responding to and remediating security incidents
What are the costs
Service can range between R45 000 – R810 000 per month, depending on the size of your organisation, all of which is at a fraction of the cost of hiring a full-time CISO, not to mention the level of expertise and qualifications.
Download Our VCiso Brochure Below