
This Short Post About virtual CISO and vCTO Roles Could Save You a Lot of Money

Who needs a vCISO — a virtual Chief Information Security Officer?

 

Cybercrime isn’t something that happens to ‘other’ organisations any more. SMEs, charities and schools are realising that they are as vulnerable as the big players to suffering financial and reputational loss. As a result, many are taking a more comprehensive and strategic approach to cyber security.

The person to direct that comprehensive, strategic approach is traditionally a chief information security officer (CISO). If he or she sounds expensive, you’re on to something. It’s not uncommon for businesses to be pulled between a desire to take cyber security seriously on the one hand and financial constraints on the other.

This is where a virtual chief information security officer (vCISO) can provide a solution.

 

What are vCISO services?

 

A vCISO takes responsibility for and oversees your whole cyber security programme.

They deliver the operational cyber risk management programme and are responsible for an organisation’s data security and information security governance.

This cyber risk management programme defines, documents and communicates policies, processes and procedures that direct the management of cyber risk.

Because a vCISO is an outsourced ‘on demand’ service, it can be an incredibly cost-effective way to implement a high-level and comprehensive cyber security programme. A vCISO can be called on for support ‘as and when’ and will provide the following:

  • Information security governance
  • Management of cyber risks
  • Legal and regulatory compliance
  • Business continuity and disaster recovery
  • Human resources – behaviour and information governance
  • Supplier and partner security diligence

At Intersys, our vCISO services can work seamlessly with your existing IT and / or security team; or we can provide further resources, for instance a chief technology officer (CTO), to implement the vCISO’s recommendations.

 

What does a vCISO do in practice?

 


Above is a broad description of a vCISO’s duties. Below you’ll find more detail about the typical objectives and deliverables. It should provide a good introduction to the scope of that job and, in turn, the factors you must consider to properly protect your organisation from cyber criminals.

Duties cover the following areas:

1) Objective: Risk assessment to identify, evaluate, and manage cyber security threats

Deliverables: Support a board / cyber security steering committee as follows:

  • Investigate and assess risks and suggest mitigating actions
  • Review adequacy of existing mitigation activities
  • Review skills gaps and recommend training where necessary, or mandated (for instance fraud awareness or data protection training)

2) Objective: Data governance, classification controls and information security controls

Deliverables: Advise the board on how to maintain the confidentiality, integrity and availability of hardware, software and data

  • Design and maintain group-wide security models, policies and procedures
  • Design or review a technological compliance framework, which could include data protection and regulatory legislation for specific sectors such as financial services, pharmaceuticals, education and legal
  • Conduct an internal audit to: ensure compliance with codes of conduct; and benchmark against best practice technical security controls (including ISO27001, NIST etc.)

3) Objective: Detection, protection, response and recovery controls

Deliverables: Support the cyber security steering committee and provide advice to their key third-party technology suppliers on appropriate security controls

  • Monitor and feed back recommendations to technology infrastructure services, other providers and third parties
  • Periodically review security monitoring and logging
  • Assess and report material data breaches for submission to sector-specific regulators
  • Advise on business continuity and disaster recovery planning and management

 

How much does a virtual CISO cost?

 

Much less than a full-time, in-house CISO. In Intersys’ case, our rates are scalable, based on your number of devices, which means they will almost certainly be affordable to you.

To find out more about our vCISO service, click here. Or get in touch now on +44 (0)20 3005 4440 to arrange a chat with a vCISO professional. We can assess your needs and suggest a course of action that will protect your organisation – at a reasonable price. 
