Virtual chief information security officers

In our rapidly-changing, data-driven ecosystem, all organisations – from the smallest cold-store to the largest multi-national corporation – have information that they need to protect. Very large organisations tend to have a chief information security officer (CISO). Smaller businesses might have an information security officer who performs a range of infosec tasks. Increasingly, however, leading practice (where allowed by regulators) is to engage a virtual chief information security officer (vCISO) – sometimes for a specific project or for a specific period of time.

As part of their infosec programme, CISOs should:

• Plan and manage infosec activities
• Set up, modify and strengthen organisational and management structures
• Introduce infosec initiatives, including infosec risk management activities
• Evaluate third-parties with access rights
• Coordinate infosec audits

vCISOs can provide these – and many other infosec – services, helping to achieve a robust and resilient infosec vision, strategy and programme for your business – and at a significant lower cost than a full-time CISO. ?Other benefits of engaging a vCISO include:

• Market-driven leadership on risk, governance, incident response, disaster recovery and business continuity
• Expert assessments of security threats and compliance risks
• Advice on how to build an effective security programme
• Integration of infosec into your business strategy, process and culture
• Development, roll-out, and maintenance of security programmes
• Integration and interpretation of infosec programme controls
• Industry-specific expertise (including SAMA’s cybersecurity framework, PCI DSS, NIST and ISO 27001)
• Liaison with auditors, assessors and examiners

Key differentiators:

To discuss the advantages of a vCISO for your organisation, contact our information security team.