Virtual CISO

DO YOU HAVE A TOP-TIER SECURITY EXPERT AVAILABLE AS CISO WITH YOU?

ONE OF THE BOARDROOM DISCUSSIONS IS SECURITY

Information security is increasing in importance, but not all organizations can afford to hire a chief information security officer or experts in security. RADKRICS has focused on information security and we have a team of experienced security experts who can act as a virtual Chief Information Security Officer (vCISO) to bridge this gap.

vCISO – WHY DO YOU REALLY NEED ONE?

Information security is one of the strategic goals of an organization. The continuously changing threat landscape and the sophistication of threat actors impact the timing of decision making and the readiness of security teams, creating huge challenges even for full-time staff. CISOs are on the frontline of cyber defense. A failure at the frontline can lead to a data breach and have a catastrophic impact on business operations.

Information Security

WHAT DOES THIS SERVICE DO

A vCISO is a service wherein a RADKRICS security professional performs the duties of CISO in the client organization. The vCISO will help in identifying and analyzing threats, devising strategic security plans, establishing compliance with industry standards, and conducting vendor risk assessments, as well as fulfilling other information security needs.

THE EXPECTED OUTCOME

With the experience and skills that a vCISO brings, the vCISO can help your company plan, define and execute an appropriate security strategy.

WHAT IS INCLUDED IN THE SERVICE?

  • Review the existing security strategy and framework
  • Prepare a security strategy in consultation with the CISO or CIO
  • Review the existing information security policies and procedures
  • Manage the risk register
  • Provide a security implementation roadmap
  • Build a governance and compliance program
  • Be an auditee of the external audit
  • Be an information security advisor to the senior executives

TYPICAL ENGAGEMENT

The vCISO service is contracted for a number of hours per year. For an effective outcome of the service, the vCISO shall be engaged for a minimum of 35 hours per month.

There are two levels of engagement: Level One and Level Two. In a Level ONE engagement, the vCISO acts as a strategic information security advisor and performs the activities below with the help of your information security team.

Cyber Security Risk Assessment

| # | Activity | Outcome |
|---|----------|---------|
| 1 | Plan information security strategy | Strategy document |
| 2 | Oversee the implementation of the information security initiatives | Support and recommend solutions |
| 3 | Chair the steering committee meetings | Setting the direction and re-alignment; provide expert suggestions to enable executive decisions |
| 4 | Yearly review of the information security policies and procedures | Reviewed policies with closure of identified documentation gaps |
| 5 | Review and track the closure of vulnerabilities | Monthly vulnerability dashboard |
| 6 | Review and track the closure of risks | Monthly risk dashboard |
| 7 | Manage the compliance program | Quarterly compliance dashboard |
Some of the above activities require the necessary initial steps to be completed by the engaging organization so as to achieve the mentioned outcome.

In a Level TWO engagement, the vCISO acts as a strategic information security advisor and performs the activities below with the help of the RADKRICS information security team.

| # | Activity | Outcome |
|---|----------|---------|
| 1 | Perform information security gap assessment to determine the inherent risk and the current state of the organization | Gap assessment report and the roadmap for the closure of the risks identified |
| 2 | Perform vulnerability assessment and penetration testing | VA and PT report |
| 3 | Plan information security strategy | Strategy document |
| 4 | Implement the closure of gaps identified (closure of technology gaps is dependent on the organizational spend on the information security program) | Weekly project update towards closure of the gaps |
| 5 | Oversee the implementation of the information security initiatives | Support and recommend solutions |
| 6 | Derive compliance checks and perform monthly compliance assessment | Compliance reports |
| 7 | Manage the compliance program | Quarterly compliance dashboard |
| 8 | Chair the steering committee meetings | Setting the direction and re-alignment; provide expert suggestions to enable executive decisions |
| 9 | Review and track the closure of vulnerabilities | Monthly vulnerability dashboard |
| 10 | Yearly review of the information security policies and procedures | Reviewed policies with closure of identified documentation gaps |
| 11 | Review and track the closure of risks | Monthly risk dashboard |

Some of the above activities require the necessary initial steps to be completed by RADKRICS so as to achieve the mentioned outcome.