A chief security officer (CSO) is responsible for ensuring that the business risk associated with computer, network, and Internet use is kept at a level acceptable to management. A virtual chief security officer (V-CSO) fills this position as needed for organizations that have no security manager or CSO on staff.
We review existing policies or create new policies. Our goal is to ensure your policies, and supporting standards and guidelines, effectively manage operational risk.
Managing security is managing business risk. We perform overall business risk profile assessments, system assessments, and engage with project teams/vendors to ensure new solutions are secure.
The purpose of change management is to ensure we don't break anything, including security and critical business processes, when we make a change to applications or infrastructure. We help design a change management process and train relevant staff. We can also serve as your change management team.
The business impact of a security incident is related to how effectively you respond. We assist you in developing an incident management process and conduct annual training of your teams.
Before fixing unwanted technology/process outcomes, we need to understand the root causes of the outcomes. We can assist by conducted a root cause analysis with your team. Having a third party chair such a meeting helps keep the finger pointing to a minimum and avoids making assumptions.
No security policies are effective unless your employees understand the expected outcomes and risks associated with non-compliance. We design and deliver security training in classroom or webinar formats.