CISO as a Service
What is CISO as a Service?
Comsec’s CISO as a Service offering enables organizations to remain focused on their business by allowing a third party with proven experience to take responsibility for securing their assets, while maintaining a flexible, cost-effective approach.
Many organizations are not ready to hire a full-time Chief Information Security Officer (CISO), have not fully defined the CISO’s responsibilities within their organization, or have a CISO who needs additional assistance and guidance from an experienced peer to improve the organization’s overall security or to achieve compliance with complex security standards and regulations.
Comsec’s CISO as a Service offering provides you with the right person for your needs. The function can be built to match the organization’s requirements in terms of time dedicated (ranging from 2 days a month to 5 days a week) and activities required. In addition to a dedicated resource, we provide flexible access to the full Comsec resource pool, enabling delivery of a diverse range of services and knowledge that an individual CISO typically cannot provide alone.
Depending on the nature of your organization and its needs, Comsec can provide a CISO with technical hands-on experience, specialization in legal requirements, regulation (such as GDPR, Domestic Privacy Protection Regulations, SOX, etc.), and security standards (such as ISO 2700x, NIST, COBIT, etc.), or specialization in secure software development life cycle (SSDLC).
The CISO activities may include:
1. Information Security Leadership and Guidance
2. Steering Committee Leadership or Participation
3. Security Compliance Management
4. Security Policy, Process, and Procedure Development
5. Security Training and Awareness
6. Incident Identification, Reporting and Control
7. Managing the Information Security Budget
8. Security Testing
9. Identity and Access Management
10. Monitoring Threats and Taking Preventive Measures
11. Establishing a Disaster Recovery Plan and a Business Continuity Plan
12. Conducting Third-Party Vendor Security Assessments
13. Risk Management