
Top Tips on Choosing a vCISO



What is a virtual CISO and how would it fit into your organization? Find out what you should know as you start the search for a vCISO.

Published in: Technology


  1. Top Tips on Choosing a vCISO: And What You Need to Know Beforehand (@CISOSHARE)
  2. What is a Virtual CISO? An outsourced security role to lead your cyber security program. Copyright © 2019
  3. Why Use a Virtual CISO?
     • You need an interim security leader as you build an internal team.
     • You’re outsourcing security entirely.
     • You need support in improving your security program.
     There are no wrong reasons, only different business goals.
  4. 5 Steps to Choosing the Right vCISO:
     1. Educate Yourself
     2. Understand Your Current State
     3. Determine Your Options Moving Forward
     4. Tell the Story
     5. Make a Decision
  5. STEP 1: Educate Yourself
  6. STEP 1: Understand the basics of your organization:
     • Why do you want to improve cyber security?
     • What problems will you face without the right program?
     • What requirements does your organization have to meet?
  7. STEP 1: Explore your implementation options:
     • Outsource everything in your security program.
     • Only outsource the CISO role and hire an internal security team.
     • Hire an internal CISO and outsource roles to a service provider.
     • Anything in between!
  8. STEP 1: Evaluate available security service providers:
     • Professional services consultants: These teams offer project-based contracts, including vCISO services.
     • Managed security service providers: True service providers offer ongoing role and process performance to clients.
     • One-person CISO consultancies: These are individuals you can use to perform the CISO function.
  9. STEP 1: Understand your budget and cost savings. Everything in security will have ongoing capital and operational costs. Don’t forget to factor in foundational costs, resource costs, and any necessary technology costs.
  10. STEP 2: Understand Your Current State
  11. STEP 2: Understand key areas of your security program:
     • Alignment to best practices and security regulations
     • Foundation and process maturity
     • Existing resource capability
     • Existing remediation items and security roadmap
     • Security architecture and data map
     • Susceptibility to attack
  12. STEP 2: Different ways to measure your current state:
     • Internal assessment using your own team
     • External assessment through a consultancy
     • Potential security service providers
     • Utilizing a previous customer assessment
  13. STEP 3: Determine Your Options Moving Forward
  14. STEP 3:
     1. What the option is, so people can quickly understand it.
     2. The annual capital and ongoing costs of each program option.
     3. The foundational elements that will be built.
     4. The resource elements and whether they’ll be internal, outsourced, or a combination of the two.
     5. Any security architecture technology that might change or be added.
     6. How the option will maintain or improve your current state.
     7. Any pros and cons for each.
  15. STEP 4: Tell the Story
  16. STEP 4: Explain the needs of your security program. Use everything you’ve gathered from your research, your current state, and any service providers you’ve found.
  17. STEP 4: Educate your upstream decision-makers and make a case for each option.
  18. STEP 5: Make a Decision
  19. STEP 5: Turn each option on the table into specific and actionable next steps. The more work you’ve put into the previous steps, the easier this one will be.
  20. Want More Decisions? Download Our Guide to Selecting a vCISO!
  21. Go Out There and Find the vCISO that will Improve Your Security Program! Learn More About Our vCISO Services (@CISOSHARE)
  22. About CISOSHARE (@CISOSHARE): Based in Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly-growing organizations. Learning and teaching lies at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more. +1-800-203-381