Almost all organisations store and process some sort of sensitive data and, while there is a duty of care to protect and govern that data, many organisations do not have adequate skills or knowledge to be sure of doing that effectively. In these scenarios, we enable company boards to demonstrate the appropriate levels of governance, without the need to hire an expensive full-time Chief Information Security Officer.
We can provide an experienced CISO for a few days each month, to develop a security strategy and set the direction of any improvement work needed. Our CISO will also act as a strategic risk advisor to the board in a NED-style role, attending board meetings and audit committees as required, giving company executives much-needed assurance that they are meeting their duty of care obligations.
Typically, this type of service would start with an upfront assessment of the current state of the organisation’s information security posture. Depending on the outcome of that assessment, we can then also help with gap analysis and security roadmaps, as well as staff augmentation as required during transformation activities.
CISO Advisory Service
Created by CISOs for CISOs. We know it’s a lonely job; we’ve been there. People at all levels, both inside and outside the organisation, look to you for guidance and there is nobody else to turn to for help. The buck definitely stops at the CISO’s desk and it can be overwhelming, which is why we created this service. We can share that burden and help to introduce best practice and innovation that we’ve learned through experience. Even if you just need a sounding board, we’re here for you.
What sort of things can we help with?
- CISO first 100 days
- Structuring security risk management
- Executive reporting: what, when and how
- Dealing with audits
- Security operating model
- Organisation structure review
- Insource/outsource decision making
- Supplier reviews
- 3rd party assurance
- Assistance with interviews and candidate screening