vCSO Deliverables


Weekly

IT Status Meeting:

Attend IT status meeting to provide updates on projects, answer tactical security questions, and get decisions from leadership as needed; review any current security vulnerabilities and discuss how the organization may or may not be impacted.

Employee Security Training:

Weekly video training modules to keep the entire organization vigilant and educated on the current cyber threats. A company leaderboard and credit score-based rankings heighten the competitive spirit.

Monthly

IT Performance Analysis:


Audit monthly IT activities, document findings and initiate/request/validate any necessary changes


IT/IS Security Meeting:


Meeting to review issue progress, vulnerability test results, security project status, plan for upcoming events, and review/edit deliverables as needed


Simulated Phishing Exercises:


Deploy simulated phishing exercises and analyze results for frequent clickers or other signs and/or anomalies.


Backup/Continuity Review:


Review backups of all endpoint machines and servers to ensure that they are occurring on a timely basis and are within the backup service legal agreement

Quarterly

User Privilege Review:


Review the list of line of business, M365 and domain users to ensure no unneeded users; verify tickets were created for user termination requests as well as any human resources changes


Leadership Meeting:


Meet with the executive team to provide updates on current trends in IT security, the latest vulnerability analysis, and status of IT projects


Disaster Recovery Testing:


Provide ongoing security analysis of network, provide & review report findings with leadership and assist in necessary remediation projects

Bi-Annually

Board Update Meeting:


Prepare and present updates for bi-annual cybersecurity risk board update

Annually

Chain-of-Custody Protocols:


Establish and maintain protocols for tracking of digital assets, ensuring secure handling and protection against unauthorized access


Policy Implementation & Review:


Implement, review, and update procedures


Penetration Testing:


Schedule, coordinate, and oversee third-party penetration testing; coordinate and remediate any findings from the testing


Vendor Security Audit:


Conduct security review of vendors; initiate/oversee vendor security changes as needed


Risk Assessment:


Review the different types of risk facing the business units; prioritize security and compliance investments and initiatives based on risk findings


PCI Self Assessment:


Complete and save to file the annual self-assessment questionnaires for compliance purposes


Tabletop Exercise:


Perform annual tabletop exercise of the disaster recovery plan/incident response plan with applicable IT vendors and company personnel


Inventory Data Assets:


Review the list of assets/vendors with the executive team on an annual basis, generally as part of quarterly IT executive meetings; review the list of Key Vendors in the IT security portal to ensure it is up to date

As-Needed

Site Visits:


Conduct in-person visits to the organization’s sites to review on-site security practices and initiate necessary changes


Threat Intelligence Emails:


Provide threat intelligence emails to the organization as relevant


Security Deliverables:


Provide other security deliverables and best practices as needed
