Virtual CISO


1. Initial assessment of Cyber Security Posture and potential threats
   Type: Mandatory
   Deliverables: Perform Surveys and Interviews to:
     • Assess business consequence of a Successful Cyber Attack
     • Assess current Risk Management process
     • Assess perceived vulnerabilities and the technologies in place to protect against them
     • Assess current policies and processes
     • Analyse relevant threats
     • Assess staff awareness and training undertaken
     • Assess effectiveness of existing protection systems
     • Produce and present report outlining high-level InfoSec posture
   Resource: CISSP certified CISO

2. Provide prioritised list of recommended improvements (Policies, Training, Projects, Insurance) including cost/benefit of top 3 recommendations
   Type: Mandatory
   Deliverables:
     • Prioritise recommended actions
     • Undertake cost/benefit analysis of top three recommendations
     • Produce and present report outlining all recommended actions, including documentation of cost/benefit
   Resource: CISSP certified CISO

3. Handle security questionnaires from partners, suppliers and customers
   Type: Optional
   Deliverables: Based on findings from the Initial Assessment, develop a generic template for responding to partner/customer/supplier Security Questionnaires. Deliver ongoing responses as and when required.
   Resource: CISSP certified CISO

4. Define KPIs for ongoing Security Operational Monitoring based on available data from existing systems
   Type: Optional (Mandatory for 5.)
   Deliverables: Based on findings from the Initial Assessment, perform further detailed analysis of reporting from existing defensive systems and deliver a recommendation for how Key Performance Indicators for InfoSec defences can be implemented.
   Resource: CISSP certified CISO

5. Implement KPI Monitoring from existing data sources
   Type: Optional (Mandatory for 8.)
   Deliverables: Oversee implementation of the reporting regime as designed in 4.
   Resource: CISSP certified CISO

6. Oversee Vulnerability Testing
   Type: Optional (Recommended for 8.)
   Deliverables: Initially review current arrangements or recommend a new Vulnerability Testing scheme. Thereafter oversee that findings from regular testing are followed through.
   Resource: EC-Council CEH Analyst

7. Evaluate/approve new developments/projects from a Security standpoint
   Type: Optional (Recommended for 8.)
   Deliverables: Review new systems and system changes from a Cyber Security viewpoint: testing done, supplier credentials, etc.
   Resource: CISSP certified CISO

8. Provide monthly InfoSec reports for senior management based on KPIs (5.), Vulnerability Testing (6.), new/changed systems (7.) and progress on recommended improvements (2.); run quarterly InfoSec board meetings to discuss quarterly progress
   Type: Optional
   Deliverables: Monthly reports, quarterly minuted meetings.
   Resource: CISSP certified CISO

9. Create and own InfoSec strategy
   Type: Optional
   Deliverables: Based on the business strategy, work closely with senior management and provide a 3-year plan for InfoSec evolution closely aligned with the IT/Technology strategic plan.
   Resource: CISSP certified CISO

10. Develop and maintain incident management plan
   Type: Optional
   Deliverables: Work closely with IT/Technology departments, HR and Senior Management to develop a plan for how the business can best cope with various forms of Cyber Incidents.
   Resource: CISSP certified CISO

11. Perform Incident Management Test/Rehearsal / Red Team Attack
   Type: Optional
   Deliverables: Optional addition to 10.: plan and coordinate a rehearsal of a Business Disruptive Cyber Incident / execute a Red Team Attack.
   Resource: CISSP certified CISO

12. Support during incidents
   Type: Optional
   Deliverables: Optional addition to 10.: support the business in real time during an incident, in either a leadership or a supporting role.
   Resource: CISSP certified CISO and EC-Council CEH Analyst