vCISO - Virtual Chief Information Security Officer

SECURITY PROGRAM

Virtual CISO

Security leadership and guidance when and where you need it.

Integrity's vCISO is designed to help businesses take control of security and develop a security strategy that guards sensitive information, strengthens brand reputation, and protects customer data.

vCISO is a tailored information security program that delivers expert security leadership with a supporting team of analysts and consultants to solve unique security challenges.

Integrity is a great partner to us in providing valued information security guidance and advice to our organization. Integrity’s team of professionals are able to integrate well with our team and provide the needed consulting to make our information security program successful.

John Bertrand Vice President of IT - Kreg Tool Company

How vCISO works

We start by learning about your organization and understanding your business objectives. We then develop a plan that aligns with your security needs. From there, we are able to function as an extension of your business and deliver expert security insight, leadership and support.

1. Establish Your Security Vision

Understanding where you want to go is integral in deciding how to get there.

2. Determine and Prioritize Security Initiatives

The tailored security program will provide strategic direction to help you achieve your goals. We will determine and prioritize security initiatives to reduce risk quickly and cost-effectively.

3. Reduce Risk with Continual Security Improvements

Assessing and addressing risk is never complete, but Integrity’s team will be with you, leading and guiding along the way.


The vCISO team has a deep understanding of our business and security needs. They are down-to-earth, communicate effectively, and display a real passion for helping our organization.

Tysen Landmesser Information Technology Manager - Accumold LLC

Developing your security program

Integrity’s vCISO team develops security programs by utilizing a combination of the following services. Your program will be unique to your organization and designed to execute security initiatives while achieving business objectives.

IT Risk Management

By understanding security risk and the impact it may have on an organization, Integrity’s security consultants set the foundation for a formalized IT risk management program. Beginning with a risk assessment, organizations can realize a positive ROI by prioritizing expenditures in a manner that improves security posture while aligning risk with acceptable tolerance levels.


IT Audits

IT audits provide insight into potential gaps in processes and procedures in a technology environment. Audits identify problem areas by reviewing how well technology controls are designed and implemented.


Policy Review and Development

Policies must be designed to support risk management goals while maintaining business operations. Integrity’s process involves one-on-one interaction with business leaders, providing consultants with the insight necessary to draft your policies in a manner that will support your objectives.

Penetration Testing

Penetration testing is a proactive approach to discovering exploitable vulnerabilities in your computer systems, network, and web applications. Gaining an understanding of these vulnerabilities will enable you to resolve issues before an attacker interrupts your business operations with a devastating security breach.


Social Engineering

By performing social engineering assessments of an organization’s facilities and employees, Integrity is able to establish the baseline security posture and make recommendations for modifying and developing stronger policies, procedures, and security awareness and training practices. Social Engineering services include Pretexting Phone Calls, Email Phishing, Dumpster Diving, and Facility Access - Onsite Security Assessment.


Security Awareness and Training

When implemented properly, security awareness and training activities can lead to greater reporting of suspected attempts to compromise an organization’s critical assets and fewer instances of employees falling prey to cyber threats and tactics.

Security Consulting

Integrity consultants meet with clients to gain an understanding of their organizational culture, risk tolerance levels, regulatory environment, and industry pressures. This allows the team to approach information security using a risk-based methodology, enabling customization of each solution.


Business Continuity and Disaster Recovery

Business continuity and disaster recovery planning are critical to a business's ability to weather interruptions to business functions and recover in case of a disaster. We help you identify critical assets and plan accordingly.


Compliance and Controls

Integrity’s vCISO will help you find a balance of risk management and security without compromising your organization’s mission and budget. Rely on Integrity as your partner for achieving HIPAA, SOX, PCI, GLBA, and FISMA compliance, preparing for SOC 2, and identifying and evaluating appropriate frameworks and controls (NIST, ISO, COBIT, etc.).

Yes, Integrity utilizes a team of information security professionals to provide the very best security services for each vCISO program. Your program will have a vCISO leader who will guide the program's strategy while utilizing Integrity's security team of consultants and advisors to accomplish necessary milestones. One of the advantages of vCISO is that additional security professionals are included in the security program, unlike with a CISO who must hire additional people (or outsourced service providers) to fulfil security needs.

Integrity's virtual CISO (vCISO) is generally much less expensive than a full-time in-house CISO. According to SilverBull's May 2016 report, the median salary for a CISO is $223,000 per year. The base salary doesn't even include the additional expenses that go into increasing employee headcount. On average, Integrity's vCISO clients pay a fraction of what it would cost to hire an in-house CISO. vCISO clients also gain access to the expertise of an entire team, which eliminates the inherent skills gap of a single employee.

vCISO enables companies that could not otherwise justify the expense of a CISO to receive top quality security vision, strategy and execution.

vCISO has no borders. That is one of the many benefits of the program. Communication with Integrity's vCISO team can occur remotely through the use of teleconferencing and online collaboration tools. Engagements can also be conducted in person. Many of our clients employ a hybrid approach where the vCISO lead is onsite periodically to foster teamwork while at other times working remotely to leverage the cost savings that virtual meetings afford today’s businesses. Integrity's team will find the right balance of on-site and remote activities that fit your company culture and budget.

Yes, vCISO is designed to provide tailored security programs. Integrity solves information security challenges based on risk, and because there are risks unique to your company, our security program is as well.

The vCISO program begins as soon as the statement of work is executed. Integrity’s vCISO team is organized and prepared with the appropriate “first step” action items for inaugural vCISO initiatives. However, the maturity of a client’s current information security program dictates the speed at which the vCISO program progresses. Integrity is prepared to work at whatever speed the client is equipped to handle.

Integrity prides itself in its ability to fully integrate with existing IT and business leadership teams. Integrity's vCISO relies on these teams to strengthen the client's security posture and improve security policies and procedures. The goal of the vCISO is to appear indistinguishable from an internal entity. The virtual CISO has the client's best interest in mind, and the relationship with IT and business leaders is integral in achieving security success.

Integrity's vCISO is not defined by hours. It is designed around security needs. This means that vCISO clients receive as many hours as needed in order to meet security objectives. Pricing is based on estimated hours to achieve objectives defined in the scoping of the vCISO engagement, but there is no cap on hours once the scope is defined.

As your vCISO, Integrity will work with your clients/customers to provide them the proper documentation and help them understand your information security program and how it supports the work you perform for them.

Some of Integrity's clients know exactly what they want included in their vCISO program, but most of them do not. Integrity works with clients to define the vCISO service based on company culture, risk tolerance and compliance requirements. Once services are defined, Integrity will generate a proposal to review with the client. Adjustments will be made to the proposal until it meets security needs and business objectives.

Certifications held by Integrity’s vCISO consultants and analysts:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (C|EH)
  • GIAC Certified Intrusion Analysts (GCIA)
  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)

Interested in our vCISO Program?


Call 1 (515) 965-3756 ext. 3, or fill out this form.