Services

SECCG has several pre-set packages available to fit customers' needs.

  • Virtual CISO Bronze: For small businesses requiring minimal but consistent virtual CISO services, including customer and partner questionnaire support, information security program creation and management, annual information security training, annual business continuity table-top exercise, and an annual qualitative information security risk assessment.
  • Virtual CISO Silver: For small and midsized businesses requiring more complex virtual CISO services. Includes all the features of Bronze plus annual SOC 2 or similar audit support; compliance with regulations and standards; an annual IT security assessment; and reviews of critical third-party vendors.
  • Virtual CISO Gold: For midsized businesses of more than 300 employees whose complexity requires the features of Silver at a greater volume of virtual CISO services. Includes an annual quantitative information security risk assessment.
  • Virtual CISO Diamond: For midsized businesses requiring virtual CISO services beyond the Gold level.

Note: these are examples. Each level is customizable depending on industry and engagement goals.

In addition, we offer a variety of specific project-based engagements, including but not limited to:

Information Security Risk Assessment (Qualitative): Information security is, at its core, risk management. Risks must be identified and prioritized so that resources for mitigation are applied efficiently. An Information Security Risk Assessment (ISRA) is the tool for managing and communicating risks to executive management and the Board of Directors. Without a solid ISRA, executives do not have a clear understanding of the information security risks they are ultimately responsible for, and staff have no direction on which risks to address. A virtual CISO will create and manage a complete and sustainable ISRA process. May be added to any package above for an additional fee.

GDPR Readiness Assessment: Concerned about the General Data Protection Regulation? A virtual CISO can analyze your information flows and provide an assessment of your organization's readiness to comply with the GDPR.

ISO 27001/2 Gap Analysis: ISO 27001 is the most widely adopted information security management standard worldwide, and together with its companion controls catalogue, ISO 27002, it covers all aspects of an information security program. As a rule of thumb, an information security program aligned with and adhering to ISO 27001 will satisfy most of the requirements of other regulations and standards. Our virtual CISOs can get you there.

IT Security Assessments: Does your organization's firewall ruleset make sense? Are your other IT controls configured for maximum protection? Our experienced virtual CISOs provide an independent review that verifies IT controls or recommends changes, all without impeding business operations.

Information Security Program / Policy Creation and Implementation: The Information Security Program document and its associated policies are the foundation of an organization's information security program. A virtual CISO will design policies and standards (including RACI charts) to match your organization's needs and culture.

Business Continuity: Stuff happens. Your business needs to survive unintended events. Let one of our virtual CISOs work with you to create meaningful business impact analyses (BIAs) and conduct effective table-top exercises to ensure continuity of operations, whatever the cause of the interruption.

Third-Party (Vendor) Reviews: Migrating to a cloud provider does not absolve an organization of its cybersecurity responsibilities. The provider's controls must be assessed and confirmed to align with the corporate risk tolerance. Vendor information security reviews, including thorough review of SOC 1 and SOC 2 audit reports, are an essential element of proper information security risk management. Our virtual CISOs' years of experience reviewing vendors will work for you.

Network Vulnerability Assessments and Web Application Scans: Scanning is only the first step. Knowing what to prioritize for remediation, and when a compensating control is a better option than fixing the primary control gap, saves time and cost while improving security posture.

Penetration Testing: A highly skilled penetration tester will attempt to discover and exploit vulnerabilities, and a virtual CISO will work with your team to understand and address the gaps found.

Cybersecurity Assessment Tool (Financial Institutions): Navigating and completing the FFIEC's Cybersecurity Assessment Tool (CAT) is a complicated process. With experience that includes participation in the development of the FSSCC Automated Cybersecurity Assessment Tool, our virtual CISOs can help you navigate all aspects of this de facto standard cybersecurity assessment for financial institutions.

Compliance With Regulations and Standards: Whether PCI, HIPAA, SOX, GDPR, FERPA, NYS DFS, or another regulation or standard, our virtual CISOs can help your organization achieve information security compliance.

Data Mapping Exercises: Where is your data? How is it protected? A data mapping exercise led by a virtual CISO skilled in privacy concerns will answer these questions and reveal gaps in controls, and it underpins the records of processing activities that the GDPR requires.

Special Projects: Don't see what you need? Let us know; we may be able to assist. Contact Us