We offer cost effective Outsourced and Virtual CISO services, delivered by suitably experienced personnel.
You’ll get a lead CISO / Information Security Manager who’ll be supported by the wider team as required. There are no ‘call centre’ type operations, just real people who you’ll come to see as an extended member of your workforce.
Our CISOs can assess your current security posture and, based on your business and compliance needs, create a security strategy and programme of work that improves it to meet an agreed target state.
We can review your existing organisational, technical and physical security controls, create a security improvement road map, engage with your board to agree the plan and budget and programme manage the agreed plan.
Every organisation should take a risk based approach to information security, starting with asset identification and then threat, vulnerability and impact assessments. This ensures that your most valuable and sensitive assets are prioritised, risks are known and proactively managed according to their potential impact and help you meet key compliance obligations including GDPR.
Our CISOs can take ownership of your information risk management programme. We’ll work with stakeholders to assess risks and apply controls, help executives manage tolerable risks and advise when to transfer elements of risk or terminate activities that are creating unnecessary risk.
Threats and vulnerabilities don’t stand still and the security threat landscape evolves constantly. It is therefore important to have a programme of continual assurance activities in place to ensure you can identify, detect and respond to threats and security incidents as they arise.
Our CISOs can implement a proportionate assurance programme. We can manage supplier security assurance, vulnerability testing, penetration testing, user awareness and provide ongoing security assessments.
Introducing and maintaining good information and security governance can be difficult in busy organisations. Competing priorities often mean sufficient governance is not implemented. This can lead to ill-informed decision making, employee mistakes and means that lessons from previous security incidents are not learned.
Our CISOs can take ownership of or contribute to your governance processes. We can chair or participate in your information risk and security steering group, review security incidents, run ‘lessons learned’ reviews and implement correct actions, carry out internal auditing and keep your policies and procedures under continual review.
Our CISOs can implement compliance management systems and processes to ensure you meet specific regulations and standards. These include GDPR, DPA18, NIS Directive, DCB1596 Secure Email Standard and the Gambling Commission RTS security requirements.
We can also implement and support an ISO27001: 2013 certified Information Security Management System (ISMS) at your organisation.
Identifying the right security technologies and security service providers can be complex. A plethora of products, applications and managed services are available for on-premise, cloud and mobile environments. Ensuring you are getting the best from your Managed Security Service Provider (MSSP) can also be time consuming.
Our CISOs can help identify the required technical controls, vendors and solutions providers and MSSPs. We can manage the procurement process, including contract implementation and handle ongoing service management on your behalf.