vCSO Deliverables
vCSO
Weekly
IT Status Meeting:
Attend IT status meeting to provide updates on projects, answer tactical security questions, and get decisions from leadership as needed; review any current security vulnerabilities and discuss how the organization may or may not be impacted.
Employee Security Training:
Weekly video training modules to keep the entire organization vigilant and educated on the current cyber threats. A company leaderboard and credit score-based rankings heighten the competitive spirit.
Monthly
IT Performance Analysis:
Audit monthly IT activities, document findings and initiate/request/validate any necessary changes
IT/IS Security Meeting:
Meeting to review issue progress, vulnerability test results, security project status, plan for upcoming events, and review/edit deliverables as needed
Simulated Phishing Exercises:
Deploy simulated phishing exercises and analyze results for frequent clickers or other signs and/or anomalies.
Backup/Continuity Review:
Review backups of all endpoint machines and servers to ensure that they are occurring on a timely basis and are within the backup service legal agreement
Quarterly
User Privilege Review:
Review the list of line of business, M365 and domain users to ensure no unneeded users; verify tickets were created for user termination requests as well as any human resources changes
Leadership Meeting:
Meet with the executive team to provide updates on current trends in IT security, the latest vulnerability analysis, and status of IT projects
Disaster Recovery Testing:
Provide ongoing security analysis of network, provide & review report findings with leadership and assist in necessary remediation projects
Bi-Annually
Board Update Meeting:
Prepare and present updates for bi-annual cybersecurity risk board update
Annually
Chain-of-Custody Protocols:
Establish and maintain protocols for tracking of digital assets, ensuring secure handling and protection against unauthorized access
Policy Implementation & Review:
Implement, review, and update procedures
Penetration Testing:
Schedule, coordinate, and oversee third-party penetration testing; coordinate and remediate any findings from the testing
Vendor Security Audit:
Conduct security review of vendors; initiate/oversee vendor security changes as needed
Risk Assessment:
Review the different types of risk facing the business units; prioritize security and compliance investments and initiatives based on risk findings
PCI Self Assessment:
Complete and save to file the annual self-assessment questionnaires for compliance purposes
Tabletop Exercise:
Perform annual table-top exercise of the disaster recovery plan/incident response plan with applicable IT vendors and company personnel
Inventory Data Assets:
Review the list of assets/vendors with the executive team on an annual basis, generally as part of quarterly IT executive meetings; review the list of Key Vendors in the IT security portal to ensure it is up to date
As-Needed
Site Visits:
Conduct in-person visits to the organization’s sites to review on-site security practices and initiate necessary changes
Threat Intelligence Emails:
Provide threat intelligence emails to the organization as relevant
Security Deliverables:
Provide other security deliverables and best practices as needed