Electronic & Virtual Chief Information Security Officer (eCISO & vCISO)
78% OF ORGANISATIONS HAVE A CYBERSECURITY SKILLS SHORTAGE*
Keeping an organisation secure is a full-time job, and it takes a team of qualified people
It’s time to get the experts in.
SKILL UP WITHOUT THE HEADCOUNT
A CISO has to stay across so many different aspects of cybersecurity.
It’s time to share the load with a trusted team
GET THE ASSURANCE YOU NEED
It’s hard to do cybersecurity well, and it’s hard to know if you’re doing it right;
It’s time to get some independent assurance.
WHO CAN AFFORD A FULLTIME CISO ANYWAY?
CISOs are in high demand, making them hard to find and difficult to recruit. Even a full-time CISO can benefit from our eCISO and vCISO services.
Red Piranha offers two types of CISO packages delivered through our ISO 27001 certified security operations centres tailored to meet your organisation’s needs:
eCISOTM (electronic CISO)
Integrated CISO tasks with remote consulting hours
vCISO (virtual CISO)
On-site & remote security specialists for CISO activities
Businesses are under increasing pressure to meet a range of compliance requirements including ISO 27001, PCI and HIPAA. By establishing the right foundation with our CISO services, you can be better equipped to stay on top of your evolving compliance needs.
Our electronic CISO service is an integrated offering which utilises human-machine teaming to bring together a mix of people, process and technology to deliver a range of compliance outcomes. It is supported by remote consulting services from our village of cybersecurity professionals to deliver a range of critical tasks and help Crystal Eye customers develop and maintain a comprehensive information security program.
Our virtual CISO solution gives you on-site and remote access to our pool of highly-experienced security experts to build and roll-out your security program and meet your reporting requirements. It is mostly targeted at customers who aren't using our Crystal Eye platform.
|Security Policy Document Templates - ISO27000 Series|
|Annual Cyber Security Review (CSR)|
|Dedicated Qualified Risk Officer|
|Annual Board Meeting||Remote||On-Site (AU)|
|AGM ISMS Executive Statement|
|Quarterly Board Risk Reporting|
|ISMS Risk Meetings (11 Hrs of Remote Cadence Meetings)|
|ISMS Risk Treatment and Data Processing (11 hours)|
|ISMS Incident Response & Escalation (10 hours offsite)|
|Staff Cyber Security Awareness Training (CSAT) 50 staff|
|Vulnerability Management Framework & Quarterly Scanning||CE Scan*||(External)|
* Delivered through the Crystal Eye platform
The frequency and scope of these deliverables can be adjusted and priced based on your required level of assurance.
With an eCISOTM or vCISO shouldering your security planning and reporting responsibilities, you and your team are free to focus on more strategic activities instead of putting out fires. Our CISO resources can recruit, train and mentor members of your IT and compliance teams to ensure proper security principles are being implemented and maintained across your organisation.
An eCISOTM or vCISO can also help set security strategies, procure solutions, remediate incidents, and put foundations in place for your compliance needs. They may also assist with bring-your-own-device (BYOD) policy and enforcement as well as managing your board-level responsibilities.
Is your business compliant?
If you’re not 100% sure of your compliance position, then you could benefit from eCISO® and vCISO services. There are laws in place that make directors personally liable if their organisation doesn’t meet its compliance requirements, so you need to pay careful attention to ensure these obligations are met. Being compliant takes considerable effort to implement policies and continuously update your systems requiring a security expert with extensive IT security experience.
Do you have a security plan?
Without an active security plan that is regularly updated to address developing threats, you are putting yourself and your business at risk. Your security planning for people, process and technology must be relevant to your business and regularly updated.
* Australian cyber security skills shortage study 2016, AISA