Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

Contact us
/en/services/cyber-risk/governance-advisory/virtual-ciso-advisory-services service

Irrespective of regulatory scrutiny in your industry or organization, too much is at stake to not have a CISO. A security leader has the specialized technical knowledge and corporate governance experience to help build a strong cyber security foundation and the agility to prevent, detect and mitigate evolving threats while enhancing the “security IQ” of your entire organization.

Kroll’s team of experts includes seasoned former CISOs from a variety of industries who can strengthen your existing staff, set strategic objectives to support business-critical technology demands and balance IT administration, as well as establish clear communication with the board of directors, investors and government agencies.

Whether you are looking for an interim CISO, a resource to support your CISO or a longer-term arrangement, Kroll’s Virtual CISO Advisory Services provide the leadership you need, when you need it.

You can rely on a vCISO from Kroll to have the technical expertise, business acumen and communication skills to make an immediate difference. Our experts have served in a broad range of industries for companies of various sizes and will know how to align information security strategies with your company’s unique needs and challenges.

Services and offerings include:

  • Setting or directing privacy and security policies, standards, procedures and guidelines
  • Managing and directing information security teams
  • Engaging with executive management
  • Running risk assessments on operational security
  • Providing threat intelligence and manage enterprise security
  • Crisis management

Virtual CISO

Sample high-level security strategy outline

Kroll’s Virtual CISO Advisory Services Help You Prepare, Protect and Strengthen Defenses

Our vCISO Advisory Services are tailored to your specific situation and information security needs. While you have a number of options when it comes to the scope and length of services, there are four areas where most organizations benefit from the experience of a vCISO:

Strategy Definition

Guiding executives across business function and IT, Kroll’s vCISO helps identify business threats, provides a baseline for your current security program and defines security strategy in line with business objectives and technology strategies.

Our phased approach helps ensure an effective and efficient strategy that leverages NIST 800-53 and can be mapped to multiple cyber regulations (e.g., PCI, HIPAA, GDPR, FINRA, NYDFS).

Strategic Virtual CISO Services & Interim CISO

Assessment

Evaluating culture, processes and technologies from a security governance perspective, Kroll’s vCISO develops prioritized actions to help effectively manage your information security strategy and program. Assessments can include:

  • Interviews with stakeholders across the technical, business and executive teams as well as gathering documentation
  • Robust reviews of a variety of areas, including information asset management, acceptable use policies, data classification, threat and vulnerability management and third-party management

Oversight

Based on the assessment findings, Kroll’s vCISO can provide various types and levels of ongoing support, including:

  • Developing policies and procedures to close gaps in documentation
  • Developing a remediation plan with actionable, prioritized recommendations
  • Implementing the remediation plan
  • Providing ongoing strategic guidance that is less intensive, but assists the organization in maintaining long-term goals

Training

Security awareness is an important part of maintaining a robust program. Your vCISO can recommend and help implement training on topics for every level of user group within your organization. This can range from the highly technical (e.g., secure coding practices) to general data handling education to combating business email compromise. The vCISO can also oversee controlled phishing campaigns, conducted by Kroll, to determine security awareness levels among employees.

IT Environment Security Design

For organizations looking to build from the ground up, Kroll’s vCISO can provide your team with necessary system hardening configuration guides and network designs. This will also include multiple security protections and incident monitoring controls.

Virtual CISOs Bring Experience, Expertise, Leadership

Kroll’s vCISO Advisory Services are drawn on the experience of former CISOs from a variety of industries—from professional services firms to multinational conglomerates—and bring a valuable blend of technical, executive and organizational experience. They are among the most accomplished technical experts practicing today, with special insight into evolving threats and solutions from their work at the front lines of cyber security. Kroll’s vCISOs are supported by our global, multidisciplinary team that includes former FBI, Interpol and U.S. Secret Serviceagents; former information technology and security executives; digital forensic scientists; intelligence analysts; and regulatory specialists from a wide variety of industries. This high-caliber team will help put your entire information security program on the maturity fast track.

Finding an experienced, well-qualified CISO in today’s competitive information security job market can be challenging, time-consuming and expensive. If you need a CISO now, then this is the perfect time to consider Kroll’s Virtual CISO Advisory Services.

Increased Cyber Resilience with a Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Frequently Asked Questions

Connect with us

Connect with us

Keith Novak
Keith L Novak
Managing Director
Cyber Risk
New York
Phone
James McLeary is an associate managing director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, based in Hong Kong.
James McLeary
Managing Director
Cyber Risk
Hong Kong
Phone

See all servicesStay Ahead with Kroll

Valuation

Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Middle Market M&A, Strategic Advisory, Debt Advisory and Private Capital Markets, Restructuring and Insolvency Services, Financial Due Diligence, Fairness Opinions, Solvency Opinions and ESOP/ERISA Advisory.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.

Threat Intelligence


Q4 2022 Threat Landscape Report: Tech and Manufacturing Targeted as Ransomware Peaks for 2022

Feb 15, 2023

by Laurie IaconoKeith Wojcieszek George Glass

Cyber


Live from Davos – Cyber in 2023: Geopolitical and Economic Risks

Jan 16, 2023

by Jason N. SmolanoffMegan  Greene

Cyber


Q3 2022 Threat Landscape: Insider Threat, The Trojan Horse of 2022

Nov 08, 2022

by Laurie IaconoKeith Wojcieszek George Glass

Cyber


Cyber Insurers Increase Focus on Due Diligence

Nov 04, 2022

by Edward Starkie

Press Release


Kroll Responder Recognized in 2023 Gartner Market Guide for Managed Detection and Response Services for the Third Consecutive Year

Mar 23, 2023

News


Kroll Launches Cyber Partner Program Delivering Lifetime Returns

Feb 28, 2023

News


Kroll Named an MDR “Champion” by Bloor Research

Feb 27, 2023

Press Release


Gartner Names Kroll a Representative Vendor for Managed Security Incident and Event Management

Jan 09, 2023

Conference


Kroll at RSA Conference 2023

Conference Conference Apr 24 - Apr 27, 2023 | Conference

Webcast


KAPE Intensive Training and Certification

Online Event Online Event Apr 13 - Dec 07, 2023 | Online Event