The Introductory package establishes a cybersecurity “maturity roadmap” for small, lower-budget companies to mature the 30+ security domains that comprise information security. The package also includes a security gap assessment and report, vCISO leadership, cybersecurity program guidance, a regulatory compliance review, reporting to leadership, and vCISO support hours.

The Standard package is a risk-based approach that launches a security strategy based on common threats and risks. The plan includes a strategic roadmap for the program and maturing the 30+ security domains comprising information security and consists of a gap assessment and report, a risk assessment, and risk register development and management. The package also includes a regulatory compliance review, policy refinement, vulnerability management maturity, vCISO leadership, oversight of security personnel, reporting to leadership, and vCISO support hours.

The Advanced package establishes a security culture throughout the organization, forming strong cross-functional partnerships and ensuring cybersecurity strategy, security domain programs, and the company’s projects and initiatives align with the security ethos. In addition, the package expands on the Introductory and Standard packages by aligning policy, people, processes, and technology with business priorities. The Advanced package comprises extensive road mapping and project planning to coordinate business strategy and security initiatives and drive improvements to the security posture. The package also consists of an architecture review, incident management planning, and the prioritization of risk reduction strategies in addition to the Introductory and Standard package contents.

The Enterprise package is a premier suite explicitly tailored to the customer. The plan includes vCISO leadership, a comprehensive security strategy, SWOT analysis, extensive road mapping and planning, and alignment of initiatives with business objectives and quarterly priorities. Additionally, the package consists of a risk-based approach to security with risk assessments, risk register development and management, and oversight of risk remediation. The plan comprises personnel management, coordination with external auditors, meeting with cross-functional stakeholders to drive initiatives and projects, supervising security improvements and the optimization of the security-technology stack, reporting and metrics development, open hours, and more. In addition, depending on the selected package, the contents may include vendor security reviews, internal auditing functions, security awareness improvements, and social engineering exercises.

We can customize a package to suit your exact use case and requirements. So let us know how we can help, and we will tailor a package specifically to your needs.