Flexible service models tailored to your needs
Many of our mid-tier clients find that the traditional consulting model doesn’t work for them and is not delivering the sustainable capability improvement they require. To help you rapidly build and maintain your cyber capability, we provide the option of different service models which are flexible and tailored to your needs. Every organisation is unique and has its own cybersecurity risk profile and requirements. Our service model can be tailored to your specific needs, based on an initial maturity assessment and threat and risk assessment.
Project based (traditional consulting model)
Professional consulting services on a project by project basis
vCISO-on-demand
A part time CISO providing coaching, advice and support
vCISO-as-a-Service
A dedicated part time CISO who becomes part of your management team
Co-sourced or outsourced
Outsource part or all of the management of your security program and function
Indicative services in each vCISO service
Specialist cyber services packaged into a cost-effective and sustainable service model
The table below provides an example of the types of services provided under each service model. The services are indicative and will be tailored to meet your needs.
Service
model
vCISO-on-demand
vCISO-as-a-Service
Outsourced
vCISO
Description
A part time CISO providing coaching, advice and support
A dedicated part time CISO who becomes part of your management team
Outsource the full management of your security program and function
Assess your cyber risk and capability
Current state maturity assessment
√
√
√
Cyber threat and risk assessment
√
√
√
Regulatory compliance
√
√
√
Technical security assessments
Optional
Optional
Optional
Define your cyber strategy
Cyber security strategy and roadmap
√
√
√
Capability development plan
Optional
√
√
Business case and budget
Optional
√
√
Build your cyber resilience capability
Cyber governance, risk and compliance framework
Develop
Manage
Manage
Cyber program management
Optional
Optional
√
Sourcing of cyber services
Optional
Optional
Optional
Sourcing of cyber security people and skills
Optional
Optional
Optional
Manage your cyber risk posture
Executive and board reporting
Regular
Regular
Regular
Strategic advice and coaching, participation in management meetings
Online
Regular
Regular
Oversight of security program
On request
√
√
Risk assessment and remediation plans
√
√
√
Information security policy framework
Develop
Manage
Manage
Security culture and awareness
On request
Oversight
Manage
Vulnerability assessment & penetration testing
On request
Regular
Ongoing program
Third party risk management
On request
Regular
Ongoing program
Incident response planning
On request
Regular
Ongoing program
Executive support for incident management
On request
Defined role
Lead role
Coaching and mentoring of security staff
√
√
If required