This document describes GRCAlert's services, tools, skills, and certifications for helping organizations reduce cyber risks and costs by leveraging automation, GRC, IAM, DLP, and cloud services. Key services include risk management, compliance, governance, risk and compliance (GRC) program implementation, virtual CISO (vCISO) services, IT/security auditing, and risk/compliance workshops. Specialized skills and tools include Archer, RSAM, Allgress, Bwise, LockPath, ServiceNow, Oracle GRC, and various frameworks and certifications. Benefits of GRCAlert include bringing the right expertise and tools to engagements, helping clients achieve their objectives, and providing typical cost savings of 35% compared to full-time employees.
Leverage Automation to Protect Your Crown Jewels and Reduce Cyber Risks/Costs
1. We protect your “Crown Jewels” and reduce cyber risks/costs by leveraging automation
[Slide diagram: automation areas GRC, IAM, DLP and Cloud; stakeholders CEO, CIO, CSO and CCO; vCISO.]
2. Services, Tools, Skills, Certifications
Focus Areas / Detailed Description

Services
• Risk Management: ERM, operational risk, IT risk, third-party risk and cyber security risk
• Compliance: SOX, PCI, GDPR, HITRUST, ISO 27000, SOC 1/2, FedRAMP, HIPAA, NERC, MAR, NYDFS
• Governance, Risk and Compliance (GRC): program, process and technology implementation
• vCISO services (CISO as a Service, substantial savings): cyber security strategy, cyber security program development/enhancement, monthly/quarterly senior management reporting, yearly board reporting, cyber security program/technology roadmap and SME support
• IT/Security audit co-sourcing: IT/ERP audit, cyber security and third-party audit
• Retainer*: 20 hrs./week commitment. Use cases: program oversight, resource until an FTE is on-boarded, in-flight projects, tool selection/POC/pilot, remediation support, workshops, policies, procedures, standards, run book development, etc.
• Risk/Compliance/GRC/Cyber Security Workshops: 1/2/5 day(s) duration (workshops/boot camps)
* Clients can carry forward retainer hrs. to the next month/quarter, valid for a year.
3. Services, Tools, Skills, Certifications - Cont’d
Focus Areas / Detailed Description

Tools and Specialized Skills
• Archer, RSAM, Allgress, Bwise, LockPath, ServiceNow, Oracle GRC
• NIST-CSF, FFIEC-CSF, ISO 27001 based cyber program assessments
• ServiceNow end-to-end ITSM and GRC services
• Cloud assessment, roadmap and migration/implementation services

Certifications
• CISSP, CISA, ITIL, PMP, PCI-QSA, CEH, OSCP

Why GRCAlert?
• We bring the right team mix (domain/industry expertise) and tools to each client engagement
• We help clients meet their objectives and achieve their vision by delivering a total solution, sharing accountability for each of our clients' successes
• Customers save on average 35% compared to a full-time employee (no vacation, no 401k, no public holidays, no sick days, no medical, no bonuses, no mobile reimbursements, no annual raises, no social security contribution, no training cost, no LTD benefits, etc.)
• We always offer you a value-optimized pricing model!
4. Why vCISO?
• Limited security budget: the total cost of acquiring and retaining a seasoned CISO for small and medium businesses is $250k-$350k/yr. or more.
• Employee turnover, and the market for experienced security talent is very competitive; the CISO role is no exception.
• Scarcity of business- and technology-savvy, experienced CISO professionals.
• On-going cyber security demands from internal/external stakeholders.
• Growing “IT/Cyber Compliance” requirements, e.g. GDPR, SOX, PCI, GLBA, ISO 27000, SOC 1/2, HITRUST, FedRAMP, FISMA, NERC, privacy, etc.
5. vCISO Services
[Slide diagram: vCISO at the centre with five numbered components: 1 Cyber Strategy, 2 Cyber Program, 3 GRC, 4 Monitoring, 5 Reporting.]

Cyber Strategy
• Aligned with business and IT strategic objectives, e.g. protect assets (confidential data/IP), brand protection, high availability, M&A, expansion, new products or services, regulatory mandates, cloud, etc.

Cyber Program
• Establish the cyber security program
• Perform a cyber program maturity assessment
• Establish cyber program components:
1. Policies, standards, procedures and guidelines
2. Security architecture and design
3. Identity and access management
4. Application and data security
5. Network and host security
6. Threat and vulnerability management
7. Incident management
8. Security operations
9. Disaster recovery
10. Security awareness and training
11. Physical security
12. Cloud security
13. 3rd party/vendor security management
14. Governance (oversight, funding, PMO, resources, metrics, reports, etc.)
15. Risk management (IT/cyber risk, vendor risk, etc.)
16. Compliance management (GDPR, PCI, SOX, HIPAA, etc.)

GRC
• Policies, standards, procedures, assets and vendor repository
• Risk and compliance framework, e.g. ISO 27000, NIST, PCI, SOX, HIPAA, HITRUST, SOC 1/2, GDPR, etc.
• Risks and controls library
• Remediation tracking and issues management
• Workflow and notifications
• Integration with existing tools, e.g. ServiceNow CMDB
• Reports and dashboards

Monitoring
• Program delivery
• Metrics (KRI/KPI)
• Budget

Reporting
• Management report
• Board report
• Dashboard
6. vCISO Business Value
• Cost savings and service continuity
• Effective cyber security governance and oversight
• Focused, timely and accurate strategic and tactical information
• Independent and industry expertise
• Flexible and adaptive approach
• Increased mutual confidence among internal/external stakeholders
[Slide chart: cost over time for the current approach versus CISO as-a-Service. Current approach: cost escalation if it continues (“Most CISO organizations are here”). CISO as-a-Service: stabilizes cost.]