vCISO Services

Building and maintaining an effective cybersecurity program can be daunting for many organizations. You are trying to run your business, and cybersecurity is not your core focus. Not having an effective program, however, can have catastrophic results.

Fractional CISO has flexible vCISO solutions that allow you to maintain focus on your charter. We enable your business with cost effective solutions to build and maintain your cybersecurity program. You can choose to outsource some or all of your program. We’ll provide our expertise where it is best utilized.

Our proven vCISO processes will help your organization reduce its cybersecurity risk. You can engage a vCISO for the full role or select à la carte vCISO services to fill particular needs.

vCISO – Virtual CISO

Fractional CISO offers flexible vCISO services that scale to your business’s needs. Whether you need the full service or only a portion of the vCISO role, we can provide the right solution for your organization.

vCISO difference

Our vCISO services differ from other providers’ in several ways, resulting in a high quality, cost effective solution. One common theme is flexibility, which allows us to tailor the solution exactly to each client’s needs.

  • Highly customized services that allow each customer to get exactly what is needed.
  • Flexibility to accommodate differing needs.
  • Use of quantitative risk analysis to direct cybersecurity spending where it reduces the most risk per dollar.
  • Use of a cybersecurity analyst to bring costs down for the client. An analyst can perform tasks that do not require senior leadership, such as policy editing, research or certain technical tasks. We pass the cost savings on to our clients.
  • Flexible cybersecurity training depending on client needs. In many cases, a third-party product can deliver cybersecurity training more cost effectively. We will recommend you use the third-party product if you don’t have customized cybersecurity training needs.
  • Strong application security, supply chain and IoT security understanding.

Interim CISO by a vCISO

Has your existing CISO left your organization? Who is managing the day-to-day of your cybersecurity program? Use our experienced Interim CISO services to fill the gap. We can structure the Interim CISO assignment as a caretaker role that simply bridges the gap and runs the existing cybersecurity program. Where more change is required, we can apply the Fractional CISO gap assessment, risk assessment and cybersecurity plan methodology to help close the gaps in your organization’s cybersecurity program.

Quantitative Cybersecurity Risk Assessment – QuantiShield

You need to know which cybersecurity issues you should be working on. QuantiShield by Fractional CISO provides you with the tools to evaluate the risks in your organization and prioritize them.

QuantiShield uses a quantitative cybersecurity risk assessment methodology. Its results can be used in conjunction with any cybersecurity framework and support the risk assessment requirements of SOC 2, ISO 27001 and other standards.

QuantiShield embeds the latest research in conjunction with years of experience to provide a cost effective, business-based cybersecurity risk assessment.

Risk Management

Effectively managing your organization’s cybersecurity risks is one of the most important tasks of a cybersecurity leader. We provide a framework and tools for risk management. The result is clients who focus on resolving their most important cybersecurity issues and who can comply with a variety of industry requirements regarding risk management.

Cybersecurity Plan

Every company needs a cybersecurity plan. We help you build your plan based on your business objectives and the results of the cybersecurity risk assessment. The resulting plan will put your organization in a better posture to defend against today’s attacks.

Policies and Procedures

Whether you need policies and procedures created from scratch or edited, we can help you. Sometimes existing policies are aspirational, describing controls that nobody actually operates. We can help make sure that your policies reflect what your organization does and that you actually follow them.

Here are some of the policies that we typically write/edit:

  • Information Security Policy
  • Acceptable Use Policy
  • Password Policy
  • Business Continuity Policy
  • Disaster Recovery Policy
  • Incident Response Policy and Procedures
  • Cloud Services Policy
  • Risk Management Policy
  • Third-Party Supply Chain Policy
  • Secure Software Development Lifecycle (S-SDLC) Policy

Compliance Services

Your organization may be evaluating compliance with a particular standard or regulation. Your customers may be asking for a SOC 2 report or ISO 27001 certification. Maybe you are a financial institution and need to comply with New York DFS, SEC or FFIEC cybersecurity regulations. Perhaps, as part of your cybersecurity program, you want to evaluate how your organization is performing against the NIST CSF.

If you don’t have full-time staff working on your audit, it can be a significant burden on your organization. These projects can drag on for months, leaving your organization exposed in the meantime.

Our clients rely on us to create and edit the documentation required for compliance. We also help them identify and close gaps so that they pass a particular audit. We can also manage the entire audit process, leveraging our extensive experience in this area.

Cybersecurity Program Management

There are many tasks that a vCISO manages in your cybersecurity program: your organization’s training, the status of patching, responses to alerts, management of your organization’s vulnerabilities, and checks on your important third-party suppliers. Fractional CISO can supply program management for your cybersecurity program. You decide which aspects of the program to outsource and which to keep in-house.

Cybersecurity Training

Fractional CISO can use your existing cybersecurity training program, bring in a third-party training program or create custom material for your organization’s specific needs. Whatever the situation, we’ve got you covered.

Vulnerability Scanning

Vulnerability scanning is an important way to confirm that your applications, website and network do not have known vulnerabilities. Hopefully you already do it. If not, we can help! Note: these services are only performed for clients who do other work with us.

Cybersecurity Project work

There are all sorts of cybersecurity projects that we can help you with. We have security expertise beyond our vCISO capabilities. If you have security needs that require thoughtful cybersecurity business leadership, give us a call. Here are several examples of projects that we undertake.

Security Product Leadership

Are you a cybersecurity startup? Are you looking for an experienced product leader with a significant security background? We can help you with product market fit, roadmap and everything else a product leader does.

Extended Validation (EV) Code Signing Audit Letter

Is a certificate authority (CA) asking you for an Extended Validation (EV) Code Signing Audit letter from a CISSP? We’ve done these before. We can quickly get your EV Code Signing project on a path to success.

Security White Papers

Need help writing a cybersecurity white paper? We can assist you / do it for you. Check out a recent example.

Internet of Things (IoT) projects

IoT adds complexity to the security landscape. Utilize our deep IoT product experience to materially improve the security of your IoT deployment. Check out our IoT brochure.

Secure Software Development Lifecycle (S-SDLC)

Many software development organizations know how important it is to have a Secure SDLC in place but struggle with the potential complexity of rolling one out. Leverage our decades of experience in secure software development to minimize process changes while maximizing the security posture of your development team and process. The OWASP Software Assurance Maturity Model (SAMM) or the Building Security In Maturity Model (BSIMM) can be used to jumpstart your program.