Irrespective of regulatory scrutiny in your industry or organization, too much is at stake to not have a CISO. A security leader has the specialized technical knowledge and corporate governance experience to help build a strong cyber security foundation and the agility to prevent, detect and mitigate evolving threats while enhancing the “security IQ” of your entire organization.
Kroll’s team of experts includes seasoned former CISOs from a variety of industries who can strengthen your existing staff, set strategic objectives to support business-critical technology demands and balance IT administration, as well as establish clear communication with the board of directors, investors and government agencies.
Whether you are looking for an interim CISO, a resource to support your CISO or a longer-term arrangement, Kroll’s Virtual CISO Advisory Services provide the leadership you need, when you need it.
You can rely on a vCISO from Kroll to have the technical expertise, business acumen and communication skills to make an immediate difference. Our experts have served in a broad range of industries for companies of various sizes and will know how to align information security strategies with your company’s unique needs and challenges. Services and offerings include:
Sample high-level security strategy outline
Our vCISO Advisory Services are tailored to your specific situation and information security needs. While you have a number of options when it comes to the scope and length of services, there are four areas where most organizations benefit from the experience of a vCISO:
Guiding executives across business function and IT, Kroll’s vCISO helps identify business threats, provides a baseline for your current security program and defines security strategy in line with business objectives and technology strategies.
Our phased approach helps ensure an effective and efficient strategy that leverages NIST 800-53 and can be mapped to multiple cyber regulations (e.g., PCI, HIPAA, GDPR, FINRA, NYDFS).
Evaluating culture, processes and technologies from a security governance perspective, Kroll’s vCISO develops prioritized actions to help effectively manage your information security strategy and program. Assessments can include:
Based on the assessment findings, Kroll’s vCISO can provide various types and levels of ongoing support, including:
Security awareness is an important part of maintaining a robust program. Your vCISO can recommend and help implement training on topics for every level of user group within your organization. This can range from the highly technical (e.g., secure coding practices) to general data handling education to combating business email compromise. The vCISO can also oversee controlled phishing campaigns, conducted by Kroll, to gauge employee security awareness.
For organizations looking to build from the ground up, Kroll’s vCISO can provide your team with necessary system hardening configuration guides and network designs. This will also include multiple security protections and incident monitoring controls.
Kroll’s vCISO Advisory Services are drawn on the experience of former CISOs from a variety of industries—from professional services firms to multinational conglomerates—and bring a valuable blend of technical, executive and organizational experience. They are among the most accomplished technical experts practicing today, with special insight into evolving threats and solutions from their work at the front lines of cyber security. Kroll’s vCISOs are supported by our global, multidisciplinary team that includes former FBI, Interpol and U.S. Secret Service agents; former information technology and security executives; digital forensic scientists; intelligence analysts; and regulatory specialists from a wide variety of industries. This high-caliber team will help put your entire information security program on the maturity fast track.
Finding an experienced, well-qualified CISO in today’s competitive information security job market can be challenging, time-consuming and expensive. If you need a CISO now, then this is the perfect time to consider Kroll’s Virtual CISO Advisory Services.
Kroll’s product security experts upscale your AppSec program with strategic application security services catered to your team’s culture and needs, merging engineering and security into a nimble unit.
Manage risk, not spreadsheets. Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with regulations such as NYDFS, FARS, GDPR, etc.
Ensure that your third parties are handling sensitive data according to regulatory guidelines and industry standards with our cyber audits and reviews.
Helping organizations manage CFIUS, Team Telecom and FOCI requirements.
Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.
by Keith Wojcieszek, Laurie Iacono, George Glass
by Tiernan Connolly
by Laurie Iacono, Keith Wojcieszek, George Glass