CISO As a Service

A co-source service, providing you with a seasoned security professional who acts as your organisation’s Chief Information Security Officer.

The provision of this resource can be arranged either on a retainer or a secondment, on a days-per-month or per-year basis.

The CISO will help increase your cyber security resilience by acting as an internal employee in your organisation. Duties will include preliminary actions to secure your perimeter and IT assets overall, locating vulnerabilities, managing risks and mitigating threats, along with setting a strategic direction in developing your cyber security defences to meet your needs.

This service helps in maturing your existing capability and better preparing your organisation to prevent and respond to cyber-attacks. Furthermore, it provides critical support during a crisis or security incident.

Cyber Security Risk Assessment

Identify cyber risks that pose a threat to your organisation, or a third-party affiliate.

Assess and prioritise the consequences of identified risks depending on their severity and impact.

Enable actions that improve your security posture based on the specified recommendations from the assessment outcome.

Increase your overall cyber maturity level by remediating gaps and addressing security issues in your organisation.

Facilitate your future strategy in tackling cyber security.

Development of Cyber Security Strategy

By working alongside your organisation and based on your business characteristics, we help you define your cyber risk appetite.

We understand core business objectives, capabilities and potential hurdles and develop a tailored cyber security strategy based on your risk appetite.

Creating a roadmap with planned milestones, priorities and risks to be mitigated, along with an action plan that defines achievements in the short, mid and long term.

Combining your strategy with input from your broader business risks, objectives or transformation initiatives creates a powerful tool that helps you tackle cyber security as an organisation.

Compliance Assessment Using Industry Standards, Frameworks and Regulations

Obtain an overall view of your current state of compliance against international standards and frameworks (ISO 27001, NIST, NIS, IMO). This assessment includes a list of identified compliance gaps, issues and the impact that each can have on your organisation.

Specific recommendations for every identified gap, allowing their targeted remediation through procedural or technical actions and a swift increase in your compliance and strength of security controls.

Prioritisation of recommendations, offering short term (tactical) wins and long term (strategic) objectives based on your risk appetite and resources.

A first step for your strategy on cyber security.

Security Architecture Review

Considers existing systems, tools and technologies used in your organisation and increases security by indicating procedural and technical actions such as: network segregation, defined communication between systems, remote working protocols, user access management and others.

Assess the architectural diagrams and blueprints of your IT estate, identifying potential gaps or issues that can expose your perimeter and compromise your network.

In collaboration with your technical staff or providers, we supply realistic and achievable recommendations that enable you to make tangible improvements in your IT infrastructure at minimal cost.

Training and Awareness for Staff and Executives

We work with you and your staff to understand how your organisation operates and the typical user behaviour of staff, management, third parties and others in order to provide bespoke training and increase security awareness.

Our training methods focus on tailored scenario building for cyber-attacks with live role play, where our security specialists deliver presentations to staff based on real life cases, discussing typical user behaviour in unexpected situations and helping staff identify and respond to suspicious incidents.

We reinforce user awareness through the development of newsletters, training materials and videos that can be easily shared throughout your organisation.