Upload File

rise of the virtual ciso · information security officer (ciso) can far exceed the budgets of many...

  • Home
  • Documents
  • Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time
17
Rise of the Virtual CISO National Cyber Summit June 5, 2019 Greg Schaffer Principal, vCISO Services, LLC

Upload: others

Post on 10-May-2020

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Rise of the Virtual CISONational Cyber Summit

June 5, 2019Greg Schaffer

Principal, vCISO Services, LLC

Page 2: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Why We Are Here

© 2019 vCISO Services, LLC – Proprietary and Confidential

At an average annual compensation of nearly $260,000, the cost of adding a full-time Chief Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time security leadership position;  part-time experienced guidance is all that is needed. That's where a Virtual CISO (vCISO) adds value.

https://swz.salary.com/SalaryWizard/Chief-Information-Security-Officer-Salary-Details.aspx?&hdcbxbonuse=on&isshowpiechart=false&isshowjobchart=false&isshowsalarydetailcharts=true&isshownextsteps=true&isshowcompanyfct=true&isshowaboutyou=true
Page 3: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

About Me

© 2019 vCISO Services, LLC – Proprietary and Confidential

Page 4: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

What is a Chief Information Security Officer (CISO)?

© 2019 vCISO Services, LLC – Proprietary and Confidential

• First CISO• Today’s definition • Technical• Business• Organization location

Page 5: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Purpose

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Manage risk• 3LOD• Org location again• Segregation of duties

Page 6: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Regulations/Standards and Frameworks

© 2019 vCISO Services, LLC – Proprietary and Confidential

• HIPAA• GDPR• PCI• NYS DFS

• ISO 27001• NIST 800-53• NIST CSF• FFIEC CAT

Page 7: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

SMB Concerns

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Size less than 200 less than $50M• No budget for FT CISO• $260K• Not needed full time• Projects or ongoing

Page 8: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

What is a Virtual CISO?

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Consultant• Part time• Experience as a CISO• Not an IT Sec Dir• Works remote

Page 9: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

How a Virtual CISO Can Help

© 2019 vCISO Services, LLC – Proprietary and Confidential

• ISMS• Governance• Compliance

Page 10: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

How a Virtual CISO Can Help

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Gap and maturity assessments• Risk assessments• Risk treatment

Page 11: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

How a Virtual CISO Can Help

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Direct IT on Controls• Security Ops Center interface• BC/DR• Training

Page 12: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

How a Virtual CISO Can Help

© 2019 vCISO Services, LLC – Proprietary and Confidential

• SOC2 audit support• Vendor management• Client comfort

Page 13: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Engaging a Virtual CISO

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Vetting• Scope• Goals and immediate needs

Page 14: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Engaging a Virtual CISO

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Initial Request List• SME interviews• Assessment

Page 15: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Engaging a Virtual CISO

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Internal access• Communications• Meeting cadence

Page 16: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Final Thoughts

© 2019 vCISO Services, LLC – Proprietary and Confidential

• Your team• Share• Relationship

Page 17: Rise of the Virtual CISO · Information Security Officer (CISO) can far exceed the budgets of many small and midsized businesses (SMBs). However, many SMBs don't require a full time

Questions?

© 2019 vCISO Services, LLC – Proprietary and Confidential

Greg SchafferPrincipal, vCISO Services, LLC

[email protected](615) 472-9274

mailto:[email protected]

CISO JFO Funding Manual

The CISO Guide – How Do You Spell CISO?

Ciso executive forum 2013

CISO Playbook - OWASP

Why Work in Midsized Public Accounting Firms

Why IT Matters in Midsized Firms

Virtualizing SMBs: opportunities and challenges SMBs - Can… · Virtualizing SMBs: opportunities and challenges. Executive summary May 2012 Larger SMBs are moving faster to full

Selling SaaS to SMBs › ... › 1440_bredin_max_out_saas_sa… · Max Out SaaS Sales to SMBs. INCREASING SALES TO SMBS 2. Output INSIGHT Topics Methods • Qualitative • Live

ADP 2014 Midsized Business Owners Study

Protecting the MidSized Business

Office of the CISO

On A Large Array Of Midsized Telescopes

Jane Frankland - CISO Advisor@CYBER SECURITY CAPITAL - How to create a ciso personal brand

Through the cyber looking glass The perspective from a US federal CISO turned private sector CISO Patricia Titus Chief Information Security Officer (CISO)

CISO Softskills Handbook

More Than Your Data Could Be At Risk · Business Continuity A recent FEMA report estimates that 40 – 60% of small-to-midsized businesses (SMBs) won’t survive a data calamity

#%! My CISO Says

ADP 2015 Midsized Business Owners Study

Project Initiation Plan Sample for Midsized Website

The CISO Current Report - YL Ventures Current Reports/CISO Curren… · The CISO Current Report Q4 2019 3 About the CISO Current YL Ventures frequently confers with an extended network

CISO - Mobile Applications

Automating SMBs

ITIL For SMBs

Data Protection Strategy Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania

Cio ciso security_strategyv1.1

2015 Midsized Business Owners Study

Selling to SMBs

Ciso executive summit 2012

Five Cloud Myths for Midsized Businesses

The new CISO - Deloitte 78 The new CISO Looking inward: When the CISO needs to look in the mirror According to data from Deloitte’s CISO Labs, building capabilities to better integrate

Owasp atlanta-ciso-guidevs1

Flexpod express converged infrastructure for midsized it

Zentyal for SMBs Easy to use and aff ordable hybrid IT ... · Zentyal for SMBs | [email protected] Zentyal for SMBs Zentyal for SMBs Easy to use and aff ordable hybrid IT infrastructure

The state of CISO influence 2021 The maturing CISO role

Delivering CISO Vision and Strategy - Optivfiles.accuvant.com/web/file/ddf1e7ff005a4c979d46540817ab3880/CISO... · Delivering CISO Vision and Strategy SERVICE DATA SHEET CISO Services