[cs_content][cs_section bg_color=”rgb(233, 231, 231)” parallax=”false” separator_top_type=”none” separator_top_height=”50px” separator_top_inset=”0px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_inset=”0px” separator_bottom_angle_point=”50″ _label=”Introduction” class=”cs-ta-center dark-section” style=”margin: 0px;padding: 50px 0px 45px;”][cs_row inner_container=”true” marginless_columns=”false” _label=”Row 1″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ _label=”1/1″ type=”1/1″ style=”padding: 0px;”][cs_element_image _id=”4″ ][cs_element_gap _id=”5″ ][cs_element_headline _id=”6″ ][x_raw_content style=”margin: 1em auto 0;max-width: 35em;color: #fff;”]
[/x_raw_content][/cs_column][/cs_row][/cs_section][cs_section bg_color=”rgb(255, 255, 255)” parallax=”false” separator_top_type=”none” separator_top_height=”50px” separator_top_inset=”0px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_inset=”0px” separator_bottom_angle_point=”50″ _label=”vCISO FAQ” style=”margin: 0px;padding: 45px 0px 30px;”][cs_row inner_container=”true” marginless_columns=”false” style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ class=”cs-ta-left” style=”padding: 0px;”][cs_element_headline _id=”11″ ][/cs_column][/cs_row][cs_row inner_container=”true” marginless_columns=”false” _label=”New Item 2″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ style=”padding: 0px;”][cs_element_headline _id=”14″ ][cs_element_gap _id=”15″ ][x_accordion][x_accordion_item title=”What is a Virtual CISO?” open=”false”]
A Virtual CISO (vCISO) is a service that provides security guidance, hands-on experience and security leadership when and where you need it most.
Our vCISO Program is a subscription-based security management offering that gives small to medium-sized businesses (SMBs) access to the knowledge, tools and hands-on experience needed to build, manage and maintain an effective security program.
[/x_accordion_item][x_accordion_item title=”What's driving the demand for Virtual CISOs?” open=”false”]
Organizations are dealing with complexities that require the knowledge and hands-on experience of practiced cybersecurity professionals, and many businesses simply do not have the budget to hire a full-time employee with the right level of experience.
Most organizations have staff who manage technology products but are challenged when it comes to addressing long-term or strategic security needs. Hiring a full-time security executive to provide that strategy is expensive and often unnecessary. SMBs need a trusted advisor who can provide security leadership and guidance when and where it is needed most.
[/x_accordion_item][x_accordion_item title=”Who should consider our vCISO Program?” open=”false”]
Small to medium-sized organizations must adhere to a wide range of legal, regulatory and contractual security requirements, but most do not have the budget to hire a full-time CISO, or do not have enough work to keep one busy.
Our virtual Chief Information Security Officer (vCISO) Program gives SMB organizations priority access to our experience, security guidance and leadership when and where you need it most. The service is designed to take an organization through the process of establishing, improving and managing an effective security program that addresses the risk and compliance demands organizations continue to struggle with.
[/x_accordion_item][x_accordion_item title=”What services are included?” open=”false”]
We develop a unique blend of services based on your business objectives, security obligations and compliance requirements.
Our base plan includes 5 hours per month and provides priority access to our experience, guidance and leadership when and where you need it most. Additional monthly hours can be purchased at a discounted rate. The base plan also includes the following services:
- Vulnerability Management as a Service | Continuous security testing, monitoring and validation
  - Daily website malware scans of publicly accessible websites.
  - Weekly web application vulnerability scans of publicly accessible websites.
  - Quarterly vulnerability scans of on-premise and cloud-hosted infrastructure.
- Company-appointed Security Officer
  - Most organizations appoint a "Security Officer" who has little formal security training and whose primary job function is not security. When you subscribe to our Virtual CISO service, you get a qualified security officer with a wide range of specialized expertise to augment internal capabilities.
- IT contract reviews
  - The base plan allows for up to 2 contract reviews per month. Time spent on additional contract reviews is deducted from the monthly allotted hours.
- Security assessment questionnaires
  - The base plan allows for up to 2 security assessment questionnaires per month. Time spent responding to additional questionnaires is deducted from the monthly allotted hours.
The monthly hours included with your vCISO program can be used for a wide range of services. Below are some of the more common activities.
- Ongoing development and maintenance of IT policies, processes and controls.
- Compliance assessments including PCI, HIPAA, SOC 1, SOC 2, ISO 27001 and GDPR.
- Risk assessments
- IT audits – Validation of internal security practices and controls
- Cybersecurity leadership and guidance
- Incident response planning and testing (Tabletop Exercises)
- Disaster recovery planning and testing (tabletop exercises)
- Customer and vendor contract reviews
- Responding to security assessment questionnaires from customers and partners
- Security awareness and training
- Penetration testing
- Social engineering
- Cloud Security
- DevOps Maturity Assessments
- Mergers & Acquisitions – IT Due Diligence
- Cyber Insurance Risk Assessment
- Security Program Maturity Assessments
- Breach Response – Incident Response Services
- Vendor and partner security assessments
- Vendor Evaluations with TCO Analysis
- IT cost optimization
- Security configuration reviews
- Vulnerability lifecycle management
- Web application security testing
- Identity and Access Management reviews
- IT Project Management
- And much more.
[/x_accordion_item][x_accordion_item title=”How much does a Virtual CISO Cost?” open=”false”]
Our base plan starts at $2,495 per month, includes 5 hours per month and provides you priority access to our extensive experience, guidance and leadership when and where you need it most. Additional monthly hours can be purchased at a discounted rate.
The number of monthly hours included in your subscription is dependent on your business objectives, security obligations and compliance requirements. Whether you need a lot of help, or just a little, you will have a qualified security professional available on a retainer basis as a member of your team, but without the overhead of full-time employees.
[/x_accordion_item][x_accordion_item title=”How many hours are included in the subscription?” open=”false”]
Our base plan includes 5 hours per month and provides you priority access to our extensive experience, guidance and leadership when and where you need it most. Subscribers can purchase additional monthly hours at a discounted rate.
The number of monthly hours included in your plan is dependent on your business objectives, security obligations and compliance requirements. We provide highly targeted services at a fraction of the cost for a full-time CISO.
Whether you need a lot of help, or just a little, you will have a qualified security professional available on a retainer basis as a member of your team, but without the overhead of full-time employees.
[/x_accordion_item][x_accordion_item title=”Does it matter where I'm located?” open=”false”]
We can deliver our vCISO Program services remotely or in-person. Many clients opt for a hybrid approach. We work with each client to find the right balance of on-site and remote activities to fit each organization’s budget and culture.
[/x_accordion_item][/x_accordion][x_raw_content][go_pricing id=”vcisotable01_5a559304e3f16″][/x_raw_content][/cs_column][/cs_row][/cs_section][cs_section parallax=”false” separator_top_type=”angle-in” separator_top_height=”50px” separator_top_inset=”0px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_inset=”0px” separator_bottom_angle_point=”50″ _label=”vCISO Value Block” class=”cs-hide-xl cs-hide-lg cs-hide-md cs-hide-sm cs-hide-xs” style=”margin: 0px;padding: 45px 0px;”][cs_row inner_container=”true” marginless_columns=”false” _label=”New Item 1″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ style=”padding: 0px;”][x_image type=”none” src=”https://securepoint360.com/wp-content/uploads/2017/06/value-01.png” alt=”” link=”false” href=”#” title=”” target=”” info=”none” info_place=”top” info_trigger=”hover” info_content=””][/cs_column][/cs_row][/cs_section][cs_section bg_color=”rgb(233, 231, 231)” parallax=”true” separator_top_type=”none” separator_top_height=”50px” separator_top_inset=”0px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_inset=”0px” separator_bottom_angle_point=”50″ _label=”Marginless Columns” style=”margin: 0px;padding: 0px;”][cs_row inner_container=”true” marginless_columns=”false” _label=”New Item 2″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ style=”padding: 0px;”][x_gap size=”25px”][cs_element_headline _id=”33″ ][x_line style=”border-top-color: hsl(240, 1%, 35%);border-top-width: 3.5px;width: 100%;”][/cs_column][/cs_row][cs_row inner_container=”true” marginless_columns=”false” _label=”New Item 3″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ 
type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Security Assessments” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”search-plus” class=”MVN”]Includes security program maturity assessments, Third-party and internal risk assessments. [/x_feature_box][x_accordion][x_accordion_item title=”Design & Build” open=”false”]
We provide customized, comprehensive security assessments based on organizational requirements, client-facing obligations, best practices & industry standards. We incorporate your organization’s policy requirements for corporate governance.
We offer the following types of Security Assessments:
- Security program maturity/gap assessments.
- Internal risk assessments.
- Partner risk assessments.
- Vendor risk assessments.
[/x_accordion_item][x_accordion_item title=”Launch & Track” open=”false”]
We assign subject matter experts to monitor Security Assessment response activity in real-time using dashboards and reports.
- We help you automate risk and compliance data gathering through campaigns, and track overall campaign progress and response activity in real time.
- Questions and campaigns can be reassigned and delegated as business processes change.
[/x_accordion_item][x_accordion_item title=”Analyze & Report” open=”false”]We analyze responses across campaigns, track the progress of critical security assessment campaign components and effectively communicate the results to the appropriate audiences.
- We’re able to provide executive-level reporting as well as detailed drill-down views for auditors and compliance officers.
[/x_accordion_item][/x_accordion][/cs_column][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Web Application Scanning” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”lock” class=”MVN”]Regularly discover, catalog and scan web apps for vulnerabilities and website misconfigurations.[/x_feature_box][x_accordion][x_accordion_item title=”Discover” open=”false”]As the number of web applications in your organization increases, keeping them organized is critical to proper security hygiene. We perform a thorough discovery and classify assets using dynamic tagging to organize host assets by role to the business.
- Visually map every web application on the network.
- Detail each host by OS, open ports, services and certificates.
- Continuously monitor your client-facing web applications so you stay in control of their security.
- Application discovery and cataloging: we find new and unknown web applications across your network.
[/x_accordion_item][x_accordion_item title=”Assess” open=”false”]
We efficiently scan for web application vulnerabilities everywhere and monitor your perimeter for unexpected changes.
- Web application vulnerability scanning. Detect OWASP Top 10 risks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and unvalidated redirects, then prioritize them and focus on the issues with the greatest impact.
- Covers web applications on the perimeter, on internal networks and in elastic cloud networks (Amazon, Azure, Google).
- Penetration testing findings are kept alongside scan results so all web application testing data is in one place for integrated analysis.
- Findings are accurate, prioritized and actionable.
- Provides continuous insight into your organization's web attack surface and the associated risk and liability.
- Website malware monitoring. Continuous malware detection finds hidden malicious code and content in your websites and web applications before it reaches visiting users, protecting your organization's reputation and your users' security. Behavioral analysis helps identify malware that signature-based anti-virus and anti-spyware packages miss.
[/x_accordion_item][x_accordion_item title=”Prioritize” open=”false”]
Regularly scheduled web application scans help identify the highest risks to the business using trend analysis and the predicted impact of new vulnerabilities and patches.
- Our experience and knowledge help put critical issues into context.
- We help you spot trends, see what has changed since the last scan and identify which hosts are exposed when a new vulnerability is disclosed, even before a patch is available.
[/x_accordion_item][x_accordion_item title=”Remediate” open=”false”]
We monitor the life-cycle of your web application vulnerabilities and help manage the remediation process.
- Our service keeps your team focused on core-competency and revenue-generating activities.
- We assign remediation tickets and manage exceptions.
- We provide prioritized patch lists for each host and help manage the exception process.
[/x_accordion_item][x_accordion_item title=”Inform” open=”false”]
We provide comprehensive role-based progress reports that document progress for IT, business executives and auditors.
- Our service provides context and insight, not just a data dump.
- Continuous monitoring and insight into ongoing progress with your organization's risk management program.
[/x_accordion_item][/x_accordion][/cs_column][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Vulnerability Management” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”heartbeat” class=”MVN”]Scan Perimeter, Internal & Cloud environments. Enterprise-wide vulnerability scanning and Website Malware Monitoring.[/x_feature_box][x_accordion][x_accordion_item title=”Discover” open=”false”]
We help manage and reduce risk by finding the official and "unofficial" devices that may be hiding in your environment, giving you quick and accurate visibility into vulnerabilities across the organization. As the number of devices continues to rise, keeping them organized is crucial to proper security hygiene.
- Visually map every device and application on the network.
- Identify the OS, open ports, services and certificates on each device.
- Device discovery and cataloging: we find new and unknown devices across your network.
- Continuously monitor your perimeter for unexpected changes.
- Assign a business impact to each asset.
- Dynamically tag assets to automatically categorize hosts.
[/x_accordion_item][x_accordion_item title=”Assess” open=”false”]
We scan for vulnerabilities everywhere, accurately and efficiently, and automatically update vulnerability status so you know which issues are new, ongoing and fixed. Progressive scanning builds coverage across multiple scans, enabling continuous testing of your hosts and web applications.
- Covers devices and applications on perimeter and internal networks, and in elastic cloud networks (Amazon, Azure and Google).
- Scalable, high-accuracy progressive scanning saves time and keeps the focus on what matters most.
- Authenticated scanning is available to log in and test like a real user.
- Scanning tools support Selenium scripts for complex authentication or workflow sequences, giving better scan coverage.
- Access to scheduled and on-demand scanning.
[/x_accordion_item][x_accordion_item title=”Prioritize” open=”false”]
Identify the highest business risks and manage them using trend analysis and the predicted impact of new vulnerabilities and patches. We scan and analyze OS and application configurations on each target host.
- Track vulnerabilities as they appear, are fixed, or reappear.
- Put critical issues into context with our expert advisory services.
- Monitor certificates deployed throughout your network.
- Spot trends and see what has changed.
- Identify which hosts are exposed to newly disclosed vulnerabilities before a patch is available.
- See which hosts need updates after Patch Tuesday.
[/x_accordion_item][x_accordion_item title=”Remediate” open=”false”]
We monitor the life-cycle of vulnerabilities and validate the remediation process.
- Monitor vulnerabilities over time, assign tickets, and manage exceptions through a documented process.
- Keep track of every vulnerability and the actions taken on it, so your team can stay focused on revenue-generating activities.
- Create prioritized, per-host patch lists.
[/x_accordion_item][x_accordion_item title=”Inform” open=”false”]
We provide comprehensive reports that document progress for IT, business executives, customers and auditors.
- The service provides context and insight, not just a data dump.
- Continuous monitoring and insight into ongoing progress against your organization's vulnerability management goals.
[/x_accordion_item][/x_accordion][cs_element_gap _id=”58″ ][/cs_column][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Governance, Risk & Compliance” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”shield” class=”MVN”]Includes policy, process, control development & maintenance. Ongoing risk management and policy compliance scanning. [/x_feature_box][x_accordion][x_accordion_item title=”Define Policies” open=”false”]
We work with your IT staff to define and refine the policies, processes and controls needed to harden configurations and comply with relevant regulations and audit standards.
- Policy, process and control development and maintenance.
- Define the configuration policies required for different environments and asset classifications.
- Draw from a library of widely used configuration policies, including CIS-certified benchmark content, mapped to frameworks and regulations such as COBIT, ISO 27001, NIST, ITIL, HIPAA, FFIEC and NERC CIP, with support for user-defined regulatory cross-references.
[/x_accordion_item][x_accordion_item title=”Specify Controls” open=”false”]
We select the host and application settings to check automatically for each policy.
- We choose which configuration settings to monitor from a rich library of controls for operating systems, network devices, databases and applications.
- We create custom controls based on your organization's requirements.
- Controls can be tested immediately without re-scanning or re-reporting.
- Each control is mapped to the frameworks and regulations it supports.
[/x_accordion_item][x_accordion_item title=”Assess” open=”false”]
We scan and analyze OS and application configurations on each target host against your defined requirements.
- Monitor and scan security configuration files anywhere, on premises or in private or public clouds, from a single console.
- See how controls relate to critical frameworks and regulations.
- Test new controls immediately without re-scanning or re-reporting.
- Monitor arbitrary files on Windows and Unix/Linux hosts for changes (file integrity monitoring) so that unexpected modifications are caught quickly.
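The file-change monitoring item above is the control most people know as file integrity monitoring. As an added example, not part of the service or tooling described on this page, the following Python script shows the mechanism behind it: record a baseline of SHA-256 hash, size and permission bits for a watched set of files, then diff a later snapshot to flag added, removed and modified files and which attribute changed. The directory layout, file contents, watch list and drift scenario inside `demo()` are constructed for illustration and stand in for the real system paths a deployment would watch.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 64 * 1024
TRACKED = ("sha256", "size", "mode")


def digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path, watch: list) -> dict:
    """Record hash, size and permission bits for every file matching the watch globs."""
    records = {}
    for pattern in watch:
        for p in sorted(root.glob(pattern)):
            if not p.is_file():
                continue
            st = p.stat()
            records[p.relative_to(root).as_posix()] = {
                "sha256": digest(p),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
            }
    return records


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: new files, deleted files, and which attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        changed = [k for k in TRACKED if baseline[name][k] != current[name][k]]
        if changed:
            modified[name] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario (not real host data): baseline a fake /etc, then simulate drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "shadow").write_text("root:*:0:0:99999:7:::\n")
        os.chmod(root / "shadow", 0o640)
        watch = ["ssh/*", "sudoers", "shadow"]
        baseline = snapshot(root, watch)

        # Simulated drift: weakened sshd setting, world-readable shadow,
        # an unexpected key file, and a deleted sudoers file.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(root / "shadow", 0o644)
        (root / "ssh" / "authorized_keys").write_text("ssh-ed25519 AAAA... intruder\n")
        (root / "sudoers").unlink()
        return compare(baseline, snapshot(root, watch))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items}")
```

The baseline must be stored somewhere the monitored host cannot silently rewrite it (a central console or a signed file), since an attacker who can change the watched files can otherwise re-baseline them too; the same applies to the exception process the Remediate step describes.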
[/x_accordion_item][x_accordion_item title=”Remediate” open=”false”]
We help you fix violations and configuration "drift" early, before audits, while documenting and managing exceptions centrally.
- Catch configuration drift while it is easy to fix and before it results in a compliance issue or a breach.
- We help you manage exceptions through a documented approvals process.
- Go into third-party audits confident they will show compliance rather than uncover violations.
[/x_accordion_item][x_accordion_item title=”Inform” open=”false”]
We provide comprehensive role-based reports that document progress for IT, business executives and auditors.
- Report any time, any place, without re-scanning.
- Document that policies are followed and that lapses get fixed.
- Enables data-driven risk and compliance management for your organization.
[/x_accordion_item][/x_accordion][/cs_column][/cs_row][cs_row inner_container=”true” marginless_columns=”false” _label=”Copy of New Item 3″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Disaster Recovery (DR) ” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”umbrella” class=”MVN”]Assist with the development and maintenance of business continuity and disaster recovery programs. [/x_feature_box][x_accordion][x_accordion_item title=”Preparedness” open=”false”]
Preparing to handle a critical situation (CritSit) or DR event.
- Participate in DR testing.
- Participate in planning and preparation for responding to DR events.
[/x_accordion_item][x_accordion_item title=”Response” open=”false”]
We help you respond more readily and effectively to DR events.
- Includes assessment activities aimed at preventing further damage during a DR event.
[/x_accordion_item][x_accordion_item title=”Recovery” open=”false”]
We help your organization speed up the recovery process.
- Includes recovery activities that take place after a DR event.
[/x_accordion_item][x_accordion_item title=”Mitigation” open=”false”]
Prevent future DR events or minimize their impact.
- Mitigation activities take place both before and after DR events.
- Includes activities that prevent a critical situation or DR event from occurring, reduce the chance of an event happening, or reduce the damaging effects of unavoidable DR events.
[/x_accordion_item][/x_accordion][/cs_column][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Incident Response” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”fire-extinguisher” class=”MVN”]Provides support and coordination during ongoing cybersecurity incidents. [/x_feature_box][x_accordion][x_accordion_item title=”Notification” open=”false”]
We help develop customer-facing notifications and communications during security incidents.
- Help optimize the communication methods and channels used during a security incident.
- Assist with crafting appropriate customer-facing communications during a security incident.
- Play a supporting role in customer incident discussions.
[/x_accordion_item][x_accordion_item title=”Analysis & Response” open=”false”]
Triggered by a security event, such as a report of compromised hosts, rapidly spreading malicious code, a software vulnerability, or an alert from an intrusion detection or logging system.
- Aid in incident analysis and assess the scope of the damage.
- Collect, document and preserve incident evidence, maintaining chain of custody throughout.
- Assist with the investigation to identify the root cause or source, the extent of damage, and recommended countermeasures.
- Assist with control and containment of the incident.
- Assist in preparing recommendations to resolve the incident and reduce its impact.
[/x_accordion_item][x_accordion_item title=”Coordination” open=”false”]
Incident response coordination and collaboration.
- Coordinate the incident response effort across the relevant departments within the organization, including internal teams and third-party vendors where applicable.
- Provide assistance in the analysis of the attack.
- Capture contact information and other relevant details related to the incident (scribe function).
- Facilitate information exchange and analysis.
[/x_accordion_item][x_accordion_item title=”Tracking of Records” open=”false”]
We help you track and maintain incident details and associated records.
- Assist in preparing reports describing incident investigations.
- Document incident details and help ensure you retain proper records.
[/x_accordion_item][/x_accordion][/cs_column][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Security Awareness” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”group” class=”MVN”]Get your employees the ongoing security education needed to combat the continuously evolving threat landscape.[/x_feature_box][x_accordion][x_accordion_item title=”Mentoring & Training” open=”false”]
We provide on-demand, interactive browser-based employee security awareness training.
- Quarterly employee security awareness training.
- Pass/fail evaluation at the end of each session.
- Employee sign-off required at the end of each quarterly curriculum.
[/x_accordion_item][x_accordion_item title=”Phishing Simulations” open=”false”]
Phishing simulations help employees practice what they learn in security awareness training.
- Ongoing phishing simulations keep employees practiced and reinforce good security habits.
[/x_accordion_item][x_accordion_item title=”Evaluate” open=”false”]
Ongoing feedback, quizzes and surveys help us to evaluate the content and approach on an ongoing basis.
[/x_accordion_item][/x_accordion][cs_element_gap _id=”88″ ][/cs_column][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/4″ style=”padding: 0px;”][x_feature_box title=”Cloud Security Planning” title_color=”hsl(240, 1%, 35%)” text_color=”” graphic=”icon” graphic_size=”110px” graphic_shape=”circle” graphic_color=”hsl(205, 86%, 40%)” graphic_bg_color=”hsla(0, 0%, 0%, 0)” align_h=”center” align_v=”top” side_graphic_spacing=”20px” max_width=”300PX” graphic_border=”border-width: 4px 4px 4px 4px; border-style: solid; border-color: ;” graphic_icon=”cloud” class=”MVN”]Security guidance for all stages of your cloud deployments. Assistance with navigating the many security challenges faced when planning and adopting cloud services.[/x_feature_box][x_accordion][x_accordion_item title=”Cloud Security Controls” open=”false”]
We identify security controls that must be in place post cloud migration to meet your security obligations and follow best practices.
[/x_accordion_item][x_accordion_item title=”Shared Responsibility” open=”false”]
Security and compliance are a shared responsibility between cloud service providers and the organizations consuming their services.
- We help ensure that the cloud provider can supply the documentation needed to demonstrate its security and compliance posture, such as ISO 27001 certification, SOC 2 (SSAE 18) reports, PCI DSS attestations and GDPR compliance documentation.
- We also help ensure that our clients understand their own security and compliance responsibilities in the cloud. The shared responsibility model is often misunderstood by consumers of cloud services.
[/x_accordion_item][x_accordion_item title=”Service Contract Reviews” open=”false”]
- Service contract reviews
- Data destruction and reclamation clauses
- Cloud maintenance clauses
- Service level agreements, and more
[/x_accordion_item][/x_accordion][/cs_column][/cs_row][/cs_section][cs_section bg_color=”rgb(255, 255, 255)” parallax=”false” separator_top_type=”none” separator_top_height=”50px” separator_top_inset=”0px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_inset=”0px” separator_bottom_angle_point=”50″ _label=”Confidentiality, Integrity, & Availability” style=”margin: 0px;padding: 0px 0px 50px;”][cs_row inner_container=”true” marginless_columns=”false” _label=”Row 1″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ _label=”1/1″ type=”1/1″ style=”padding: 0px;”][cs_element_gap _id=”98″ ][/cs_column][/cs_row][cs_row inner_container=”true” marginless_columns=”false” _label=”New Item 3″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ style=”padding: 0px;”][x_gap size=”50px”][/cs_column][/cs_row][cs_row inner_container=”true” marginless_columns=”false” _label=”Copy of Row 1″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”true” fade_animation=”in-from-left” fade_animation_offset=”45px” fade_duration=”750″ _label=”1/1″ type=”1/3″ style=”padding: 0px;”][x_image type=”none” src=”https://securepoint360.com/wp-content/uploads/2017/06/IT-CIA-1.png” alt=”” link=”false” href=”#” title=”” target=”” info=”none” info_place=”top” info_trigger=”hover” info_content=””][cs_text]
- Confidentiality: Ensures data is accessed only by authorized persons.
- Integrity: Assures data can be trusted, that is, it is modified only by authorized persons, and any unauthorized change, whether at rest or in transit, is detected rather than silently accepted.
- Availability: Data and the systems that serve it are available when required.
[/cs_text][/cs_column][cs_column fade=”true” fade_animation=”in-from-right” fade_animation_offset=”45px” fade_duration=”750″ _label=”1/1″ type=”2/3″ style=”padding: 0px;”][x_custom_headline level=”h2″ looks_like=”h2″ accent=”false” class=”cs-ta-center man”]Prioritize Security Obligations[/x_custom_headline][x_blockquote cite=”All of your clients” type=”center”]Which is most important? Confidentiality, Integrity, or Availability?
“ALL OF THE ABOVE”[/x_blockquote][cs_text]
Don’t choose between your client, business, or regulatory obligations. Improve your security program today with our vCISO Program!
[/cs_text][/cs_column][/cs_row][/cs_section][cs_section parallax=”false” separator_top_type=”none” separator_top_height=”50px” separator_top_inset=”0px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_inset=”0px” separator_bottom_angle_point=”50″ _label=”Call to Action” style=”margin: 0px;padding: 0px;”][cs_row inner_container=”false” marginless_columns=”false” _label=”Row 1″ style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ _label=”1/1″ type=”1/1″ style=”padding: 0px;”][x_creative_cta padding=”25px 25px 25px 25px” text=”Request a Free Consultation” font_size=”45px” icon=”arrow-right” icon_size=”75px” animation=”slide-right” link=”https://securepoint360.com/get-in-touch/” color=”” bg_color=”hsl(205, 86%, 40%)” bg_color_hover=”hsl(240, 1%, 35%)”][/cs_column][/cs_row][/cs_section][/cs_content]