Virtual CISO services - Cyber Resilience

Flexible service models tailored to your needs

Many of our mid-tier clients find that the traditional consulting model doesn’t work for them and is not delivering the sustainable capability improvement they require. To help you rapidly build and maintain your cyber capability, we provide the option of different service models which are flexible and tailored to your needs. Every organisation is unique and has its own cybersecurity risk profile and requirements. Our service model can be tailored to your specific needs, based on an initial maturity assessment and threat and risk assessment.

Project based (traditional consulting model)

Professional consulting services on a project by project basis

vCISO-on-demand

A part time CISO providing coaching, advice and support

vCISO-as-a-Service

A dedicated part time CISO who becomes part of your management team

Co-sourced or outsourced

Outsource part or all of the management of your security program and function

Indicative services in each vCISO service

Specialist cyber services packaged into a cost-effective and sustainable service model

The table below provides an example of the types of services provided under each service model. The services are indicative and will be tailored to meet your needs.

Service

model

vCISO-on-demand

vCISO-as-a-Service

Outsourced

vCISO

Description

A part time CISO providing coaching, advice and support

A dedicated part time CISO who becomes part of your management team

Outsource the full management of your security program and function

Assess your cyber risk and capability

Current state maturity assessment

√

Cyber threat and risk assessment

√

Regulatory compliance

√

Technical security assessments

Optional

Define your cyber strategy

Cyber security strategy and roadmap

√

Capability development plan

Optional

√

Business case and budget

Optional

√

Build your cyber resilience capability

Cyber governance, risk and compliance framework

Develop

Manage

Cyber program management

Optional

√

Sourcing of cyber services

Optional

Sourcing of cyber security people and skills

Optional

Manage your cyber risk posture

Executive and board reporting

Regular

Strategic advice and coaching, participation in management meetings

Online

Regular

Oversight of security program

On request

√

Risk assessment and remediation plans

√

Information security policy framework

Develop

Manage

Security culture and awareness

On request

Oversight

Manage

Vulnerability assessment & penetration testing

On request

Regular

Ongoing program

Third party risk management

On request

Regular

Ongoing program

Incident response planning

On request

Regular

Ongoing program

Executive support for incident management

On request

Defined role

Lead role

Coaching and mentoring of security staff

√

If required

What are the benefits of a virtual CISO service model?

Flexibility – vCISO services can be tailored to complement your in-house capabilities with specialist skills in specific areas where you may not have the skills or capabilities available full time.
Scalability – the service can be scaled up or down with your workload and demand, for example you may want to ramp up the service when you are kicking off a new program, and then scale down again when returning to business-as-usual operations.
Responsiveness – having a vCISO on demand means you can get access to specialist skills or assistance at short notice when you need it.
Cost effective – the cost of a vCISO service is typically a fraction of what it would cost to have a full time CISO.
Objectivity balanced with inside knowledge – a long term relationship with a vCISO often provides the right balance between the knowledge of an insider with the objective perspective of an external adviser.
Continuity – on average CISO roles turn over every 2 years. A vCISO service from an organisation with a number of experienced specialists as backup for each other means no staff turnover or periods when you have no CISO capability on board.
Access to a range of expertise – every CISO comes with their own unique background and experience. A vCISO service can provide you access to multiple different skillsets for less than the cost of an individual CISO.
Proven methodology – a leading vCISO service is typically based on proven methodologies and approaches to ensure the effectiveness and efficiency of the service, not just “body shopping” of experienced people.