Why you need a Virtual Chief Security Officer

Our Virtual Chief Security Officer (vCSO) solution will help your business make security decisions, understand security threats, and optimize security processes.

With our vCSO solution, you will retain a board-level resource who can virtually sit inside your company and manage your security strategy, budget, review of risks and regulatory programs.

Get the benefit of highly specialized security talent for a fraction of the cost of a full-time staff member

Threat Intelligence

Provides context for decisions being made within the cybersecurity program

Risk Analysis

Prioritizes items for completion within the organization—provides a trustworthy place to start

Security Accountability

Creates oversight for the organization’s security—the Executive team knows it is being proactively managed

Board-level Discussion

Communicate business security risk and outcomes to the board, now that it is a board-level expectation

IT Meets IS

Someone on the team focused on making sure it gets done in a secure manner – not just done

Scope of Cybersecurity Activity:

Threat Modeling

Risk Management

3rd Party Pen Testing

Regulatory Compliance

System Patching

Security Architecture

Data Protection

Cost-effective Security Solutions

Access to Expertise and Experience

Enhanced Security Posture

Flexible and Scalable Services

With our vCSO solution, we will not be sitting on the sidelines.

Our goal is to be constantly and consistently delivering you results. Below we outline the ongoing items that we will provide as part of this solution.

Benefits Include

Monthly:

IT Performance Analysis

Audit monthly IT activities, document findings and initiate/request/validate any necessary changes.

IT Security Meeting

Meeting to review issue progress, vulnerability test results, security project status, plan for upcoming events, and review/edit deliverables as needed.

Simulated phishing exercises*

Deploy simulated phishing exercises and analyze results for frequent clickers or other signs and/or anomalies (*Requires investment in advanced security stack)

Back-up Review

Review backups of all endpoint machines and servers to ensure that they are occurring on a timely basis and are within the backup service level agreement.

Quarterly:

User Privilege Review

Review the list of line-of-business, M365 and domain users to ensure there are no unneeded users; verify tickets were created for user termination requests as well as any Human Resources changes.

Executive Leadership Meeting

Meet with the executive team (CEO, COO, CFO, GC and CAO) to provide updates on current trends in IT security, latest vulnerability analysis and status of IT projects; supplement with further updates as needed.

IT Security Training

Select and initiate IT security training for all endpoint users through the Galactic portal.

Vulnerability Scan/Security Analysis

Provide ongoing security analysis of network, provide/review report findings with leadership and assist in necessary remediation projects.

Bi-annually:

Board Update Meeting

Prepare and present updates for the Bi-Annual Cyber Security Risk Board Update. Prior to the update, confirm content with the executive team and review discussion topics.

Annually:

Physical Inventory Review

Review the list of IT equipment to ensure it is up to date and all assets are accounted for.

Third-Party Penetration Testing

Schedule, coordinate and oversee third-party penetration testing; coordinate and remediate any findings from the testing.

Policy Review

Review policies and make updates based on organizational changes; if changes are made to acceptable use policy, coordinate with legal and incorporate into Employee Handbook as needed; create and implement new policies as needed.

Procedure Review

Review and update procedures.

Vendor Review

Conduct security review of vendors, including completion of Vendor Self-Assessment Questionnaires; initiate/oversee vendor security changes as needed; review the most current contract to determine if updates are needed.

Risk Assessment

Review the different types of risk facing the business units; prioritize security and compliance investments and initiatives based on risk findings.

PCI Self-Assessment

Complete and save to file the annual self-assessment questionnaires for compliance purposes.

Tabletop Exercise

Perform annual table-top exercise of the disaster recovery plan/incident response plan with applicable IT vendors and company personnel.

Inventory Data Assets

Review the list of assets/vendors with the executive team on an annual basis, generally as part of the quarterly IT executive meeting; review the list of Key Vendors in the IT security portal to ensure it is up to date.

As-Needed:

Site Visits:

Conduct in-person visits to the organization’s sites to review on-site security practices and initiate necessary changes.

Threat Intelligence Emails:

Provide threat intelligence emails to the organization as relevant.

Audit Representation:

Proper C-level representation in the event of a formal audit.

Security Deliverables:

Provide other security deliverables and best practices as needed.