vCISO | CUSTOM TAILORED STRATEGIC PROGRAM

WHAT IS A VIRTUAL CISO?

According to Cisco's 2015 Annual Security Report, 91% of companies employ an executive with direct responsibility for security, but only 29% of them employ a chief information security officer (CISO). Businesses with CISOs on staff recorded the highest level of confidence in their overall security stance, especially in terms of optimization and clarity of policies, processes, and risk management strategy.  Moreover, board and/or executive-level presence of cybersecurity expertise is quickly being codified into a hard requirement from many regulatory bodies, like the FTC or SEC.

Sophisticated cybersecurity tools are only part of the equation:  Enterprise Security is a complex area that requires management expertise across a wide range of systems and resources. Affected companies cannot risk a trial-and-error approach to avoid breaches, manage incidents, or instill user and investor confidence.

Many organizations, regardless of size, either cannot afford a CISO or have not adapted to the value of one in the current cybersecurity landscape. Whatever the reason, virtual CISO (vCISO) Advisory Services provided by RedLegg Advisory Services allow them to fill the gap and satisfy risk management requirements while controlling associated costs.

BENEFITS

Benefits of a Virtual CISO service performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

vCISO PROJECT SCOPE

RedLegg’s vCISO Security Service begins with a review of the environment and a gap assessment.  An improvement plan, or roadmap, is developed to close those gaps through a prioritization of remediation efforts. Throughout the course of the entire program, RedLegg will provide strategic direction and remediation guidance for your overall security program.

PHASE 1: OBJECTIVES

RedLegg will work with you to determine the overarching objectives for this engagement:

  • Establish a vision for the Information Security Program.
  • Review existing security projects and initiatives.
  • Prioritize needs based on risk level.
  • Establish and communicate a Security Roadmap to senior management.
  • Create a Third-Party Risk Management Program.
  • Create an Internal Risk Management Program.

PHASE 2: ONBOARDING

RedLegg will work with you to determine the scope of the project, including hours of service. We will also review your existing policies and technical controls against the NIST Cybersecurity Framework in an Onboarding Assessment.

Deliverables include:

  • GAP Report
  • GAP Remediation Plan
  • Information Security Roadmap

PHASE 3: REVIEW

This phase consists of policy, standards, and guideline creation. RedLegg will work to update existing policies and create new policies, standards, and guidelines documents on an as-needed basis.

Deliverables include:

  • Information Security Policy
  • Relevant Standards and Guidelines Documents

vCISO DESCRIPTION

From CISO-level strategic advice to operational expertise, RedLegg's modular program allows you to acquire proficiency and experience in one or multiple areas of information assurance, helping you save on budget by filling existing resource gaps.

INCLUDED OFFERINGS

  • Current Security Posture Evaluation and Risk Assessment
  • Regulatory Compliance Assessment
  • Policy and Procedures Review & Development
  • Incident Response Plan Development and Execution
  • Security Awareness Program Implementation
  • Strategic Security Planning and Roadmap Development
  • Information Security Budgeting and Procurement Management
  • MSP Selection and Management

vCISO BACKGROUND

Your vCISO will have...
  • Over 10 years of CISO experience
  • Diverse consulting and management experience in a variety of corporate environments, including Fortune 100 enterprises (telecom, financial, healthcare, consumer goods and legal)
  • Up-to-date knowledge of Advanced Security and Threat Intelligence solutions
  • Audit and compliance expertise as an assessor, trusted security advisor, and compliance manager
  • Deep understanding of, and practical experience with, information security requirements for Virtualized Datacenter and desktop environments, as well as Cloud services

vCISO EXPERIENCE

Your vCISO will have...
  • Experience with technical architecture, system, application platform standardization, and managing change in fast-growing environments.
  • Experience with addressing cultural, technical, and compliance challenges resulting from national and international mergers and acquisitions
  • Successful planning and rapid deployment of Information Security & Disaster Recovery, network and endpoint Advanced Malware Protection, mobile device management, VPN, Unified Communication, messaging, and Data Storage & Replication projects on a national and international scale
  • Experience with managing large organizations and project-based teams of full-time employees or consultants

vCISO SERVICE INFORMATION

From CISO-level strategic advice to operational expertise, our modular program allows an organization to acquire proficiency and experience in one or multiple areas of information assurance, helping you save on budget by filling gaps found within your existing staff.

See how a vCISO can help validate your Incident Response Plan with a Tabletop Exercise. 

OUR APPROACH

RedLegg’s Custom Tailored Strategic Security Program allows your company to leverage the expertise of an established security team without the time and investment required to hire those experts.  From CISO-level strategic advice to operational expertise, our modular program allows an organization to acquire proficiency and experience in one or multiple areas of information assurance, helping you save on budget by filling gaps found within your existing staff.  Instead of hiring a single area expert, such as a pen tester or analyst, your organization can rely on the experience and knowledge of our industry-recognized information security and IT management professionals.

Acting as your trusted advisor and partner, the RedLegg CTSS Program does not simply sell you a service or product: we meet all of your security needs, allowing you to grow your business as you strive to reach the next level of information protection.

GET GUIDANCE.

Improve your security posture with the CISO perspective.