Virtual CISO (vCISO) Advisory Services

In the current cyber security environment, there is simply too much at stake for companies – regardless of industry – to not employ a chief information security officer (CISO). A data security leader brings both technical expertise and corporate governance experience to help the company build a strong cyber security foundation and develop the necessary agility to prevent, detect and mitigate evolving threats.

Kroll’s team of experts include seasoned former CISOs from a variety of industries with the technical expertise to enhance the capabilities of an existing staff, set strategic objectives to support business-critical technology demands and balance IT administration. They can also establish clear lines of communication with board members, investors and government agencies.

Whether a company needs an interim CISO, additional resources to support the current CISO or a longer-term arrangement, Kroll’s Virtual CISO Advisory Services provide the leadership companies need, when they need it.

A vCISO from Kroll will bring the technical expertise, business acumen and communication skills to make an immediate impact. The experts on our team have experience in a broad range of industries, working for companies of various sizes. From Day 1, they will work to align effective information security strategies with the company’s unique needs and challenges. Services and offerings include:

• Setting and/or directing the implementation of privacy and security policies, standards, procedures and guidelines
• Managing and directing information security teams
• Engaging with the company’s management
• Performing risk assessments on operational security
• Relaying threat intelligence and managing enterprise security
• Crisis management

Sample high-level security strategy outline

Kroll’s Virtual CISO Advisory Services Help You Prepare, Protect and Strengthen Defenses

We tailor our vCISO Advisory Services to the client’s specific situation and information security needs. While they have several options regarding the scope and duration of services, vCISO clients typically see benefits in four areas:

Strategy Definition

Guiding executives across business function and IT, a Kroll vCISO can help a company identify business threats, provide a baseline for existing security programs and set security strategy in line with business objectives and technology capabilities.

Our phased approach ensures the implementation of an effective and efficient strategy that leverages NIST 800-53 and can be mapped to multiple cyber regulations (e.g., PCI, GDPR, FINRA, NYDFS, and HIPAA).

Training

Security awareness is an important part of maintaining an effective program. A vCISO can recommend and help implement training for every level of user group within an organization. This might range from the highly technical (e.g., secure coding practices) to general data handling to combating business email compromise. The vCISO can also oversee controlled phishing campaigns, conducted by Kroll, to ascertain security awareness among employees.

IT Environment Security Design

For organizations looking to build from the ground up, Kroll’s vCISO can provide a company’s security team with the configuration guides and network designs that are necessary to harden a security system. This will also include multiple security protections and incident monitoring controls.