Why you need a Virtual Chief Security Officer
Our Virtual Chief Security Officer (vCSO) solution will help your business make security decisions, understand security threats, and optimize security processes.
With our vCSO solution, you will retain a board-level resource who can virtually sit inside your company and manage your security strategy, budget, review of risks and regulatory programs.
Get the benefit of highly-specialized security talent for a fraction of the cost of a full-time staff member
- Threat Intelligence: Provides context for decisions being made within the cybersecurity program
- Risk Analysis: Prioritizes items for completion within the organization —provides a trustworthy place to start
- Security Accountability: Creates oversight for the organization’s security —the Executive team knows it is being proactively managed
- Board-level Discussion: Communicate business security risk and outcomes to the board, now that it is a board-level expectation
- IT Meets IS: Someone on the team focused on making sure it gets done in a secure matter – not just done
With our vCSO solution, we will not be sitting on the sidelines.
Our goal is to be constantly and consistently delivering you results. Below we will outline the ongoing items that we will be providing as part of this solution.
Monthly:
- IT Performance Analysis: Audit monthly IT activities, document findings and initiate/request/validate any necessary changes.
- IT Security Meeting: Meeting to review issue progress, vulnerability test results, security project status, plan for upcoming events, and review/edit deliverables as needed.
- Simulated phishing exercises: Deploy simulated phishing exercises and analyze results for frequent clickers or other signs and/or anomalies.
- Back-up Review: Review back-up of all endpoint machines and servers to ensure that they are occurring on a timely basis and are within backup service level agreement.
Quarterly:
- User Privilege Review: Review the list of Line of business, M365 and domain users to ensure no unneeded users; verify tickets were created for user termination requests as well as any Human Resources changes.
- Executive Leadership Meeting: Meet with C-level executive team to provide updates on current trends in IT security, latest vulnerability analysis and status of IT projects; supplement with further updates as needed.
- IT Security Training: Select and initiate IT security training to all users.
- Vulnerability Scan/Security Analysis: Provide ongoing security analysis of network, provide/review report findings with leadership and assist in necessary remediation projects.
Bi-annually:
- Board Update Meeting: Prepare and present updates for Bi-Annual Cyber Security Risk Board Update. Prior to update confirm content with executive team and review discussion topics.
Annually:
- Physical Inventory Review: Review the list of IT equipment to ensure it is up to date and all assets are accounted for.
- Third-Party Penetration Testing: Schedule, coordinate and oversee third-party penetration testing; coordinate and remediate any findings from the testing.
- Policy Review: Review policies and make updates based on organizational changes; if changes are made to acceptable use policy, coordinate with legal/HR and incorporate into Employee Handbook as needed; create and implement new policies as needed.
- Procedure Review: Review and update procedures.
- Vendor Review: Conduct security review of vendors, including completion of Vendor Self-Assessment Questionnaires; initiate/oversee vendor security changes as needed; Review most current contract to determine if updates are needed.
- Risk Assessment: Review the different types of risk facing the business units; prioritize security and compliance investments and initiatives based on risk findings.
- PCI Self-Assessment: Complete and save to file the annual self-assessment questionnaires for compliance purposes.
- Tabletop Exercise: Perform annual table-top exercise of the disaster recovery plan/incident response plan with applicable IT vendors and company personnel.
- Inventory Data Assets: Review the list of assets/vendors with the executive team on an annual basis, generally as part of quarterly IT executive meeting; review list of Key Vendors in IT security portal to ensure it is up to date.
As-Needed:
- Site Visits: Conduct in-person visits to the organization’s site to review on-site security practices and initiate necessary changes.
- Threat Intelligence Emails: Provide threat intelligence emails to the organization as relevant.
- Audit Representation: Proper C-level representation in the event of a formal audit
- Security Deliverables: Provide other security deliverables and best practices as needed.
Ready to get started? Contact Taktical Tek today!