Professional Services

 
Professional Services are tailored to the needs of the Client. A Client may request program remediation support to address assessment findings. Clients may also request support to establish a process, with transition to internal personnel. Virtual CSO may be used as staff augmentation, to maintain the right balance between Capex and Opex.

Examples of Professional Services include policy development, process design and creation of documentation such as an incident response plan.

Establish Programs
Cybersecurity Third Party Risk Management PCI Compliance Application Security
Business Continuity Security Awareness Vulnerability Management Insider Threat
Conduct Assessments
Application Security Supplier Cybersecurity Risk Compliance
Business Continuity Incident Response Line of Business FMEA Process Risk
Security Operations Center (SOC) Fraud Prevention Insider Threat Process Design
Mergers & Acquisitions Infrastructure Security SaaS Providers Threat Landscape and Controls
Prepare For
Third Party Assessment The Company to go Public Assessment by a Regulator Assessment by an Acquiring Company
Develop
Roadmap / Multi-Generational Plan Annual Program Goals Metrics and KPIs GRC Business Requirements Document
Vulnerability Management Plan Process Diagrams Internal Control Framework Cloud Security Strategy
Risk Management Strategy Risk Scenario Inventory Incident Response Plan Risk Register Process
Security Management Plan Communications Plan Crisis Communications Workforce Development Plan
Conduct Training
Incident Response Security Awareness Assessments 1:1 Mentoring
Present To
Executives Regulators Board of Directors The CISO
Create Program Documentation
Security Policies Program Overview Deck Procedures Manuals Mission Vision Statement
SWOT Analysis Plan of Action and Milestones Threat Landscape Advisories Risk Tolerance Statement
Security Contract Addendum Program Welcome Packet Security Awareness Newsletter Control Deployment Risk Model

Professional Services will also provide guidance, such as interpreting security standards and advising IT personnel on how to address a security control.

Fees and Payment

Professional Services are billed at a flat hourly rate, not including travel expenses. A minimum number of hours is purchased on retainer. Services are billed monthly.

Next Steps

Each engagement is customized to meet the needs of the client. The first step in the process is to have a conference call. We work together on a list of bulleted requirements. Virtual CSO responds with a Statement of Work.

This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each Professional Services engagement.