Service Descriptions
Professional Services are tailored to the needs of the Client. A Client may request program remediation support to address assessment findings. Clients may also request support to establish a process, with transition to internal personnel. Virtual CSO may be used as staff augmentation, to maintain the right balance between Capex and Opex.
Threat Landscape and Controls Analysis
It is necessary to tailor controls to the organization and to adapt to changes in the threat landscape. Threat Landscape and Controls Analysis starts with the inherent risk of the organization. Potential adversaries are described, with techniques for compromising data and coverage of the cybercrime ecosystem. Potential for impact is detailed while citing reputable sources. The organization’s risk tolerance is referenced for context. The organization's assets are listed, with a pivot into cybersecurity protection boundaries, control framework and risk assessments. Fair and balanced analysis is conducted by documenting risk mitigation and recent accomplishments in that domain. Residual risk is detailed with recommendations for new processes and controls. A summary statement addresses the organization’s risk culture, with recognition for conducting risk analysis.
Deliverables include a report and a slide deck presented to executive leadership.
Zero Trust Risk Assessment
If you are not familiar with zero trust, it is a security model that accounts for adversaries within the internal network and insider threat. Given the current threat landscape, it is necessary to focus on zero trust principles, on where data flows, and on identifying controls and residual attack vectors. This service evaluates your IT environment against zero trust principles, including technical and administrative controls.
Deliverables include a report and a slide deck presented to executive leadership.
Establish a Third Party Risk Management Program
Establishes an end-to-end process for evaluating and managing third parties from a cybersecurity perspective (identify, risk rank, assess, risk treatment, monitor and oversight & escalations). Includes options based on risk tolerance and available funding.
Fees and Payment
Assessments are billed as a deliverable, with payments during stages of the project. Professional Services are billed at a flat hourly rate, not including travel expenses. A minimum number of hours is purchased on retainer. Services are billed monthly.
Next Steps
Each engagement is customized to meet the needs of the client. The first step in the process is to have a conference call. We work together on a list of bulleted requirements. Virtual CSO responds with a Statement of Work.
This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each Professional Services engagement.