SECURITY RESOURCING

Electronic & Virtual Chief Information Security Officer (eCISO & vCISO)

62% OF ORGANISATIONS DO NOT HAVE SUFFICIENTLY STAFFED SECURITY TEAMS * 

Keeping an organisation secure is a full-time job, and it takes a team of qualified people

  • It’s time to get the experts in.

SKILL UP WITHOUT THE HEADCOUNT

A CISO has to stay across so many different aspects of cybersecurity.

  • It’s time to share the load with a trusted team

GET THE ASSURANCE YOU NEED

It’s hard to do cybersecurity well, and it’s hard to know if you’re doing it right;

  • It’s time to get some independent assurance.

WHO CAN AFFORD A FULLTIME CISO ANYWAY?

CISOs are in high demand, making them hard to find and difficult to recruit. Even a full-time CISO can benefit from our eCISO and vCISO services.

CISO Services

Red Piranha offers two types of CISO packages delivered through our ISO 27001 certified security operations centres tailored to meet your organisation’s needs:

eCISOTM (electronic CISO)

Integrated CISO tasks with remote consulting hours

vCISO (virtual CISO)

On-site & remote security specialists for CISO activities

Compliance

Businesses are under increasing pressure to meet a range of compliance requirements including ISO 27001, PCI and HIPAA. By establishing the right foundation with our CISO services, you can be better equipped to stay on top of your evolving compliance needs.

CISO Roles

  eCISOTM

Our electronic CISO service is an integrated offering which utilises human-machine teaming to bring together a mix of people, process and technology to deliver a range of compliance outcomes. It is supported by remote consulting services from our village of cybersecurity professionals to deliver a range of critical tasks and help Crystal Eye customers develop and maintain a comprehensive information security program.

  vCISO

Our virtual CISO solution gives you on-site and remote access to our pool of highly-experienced security experts to build and roll-out your security program and meet your reporting requirements. It is mostly targeted at customers who aren't using our Crystal Eye platform.

Package inclusions

DeliverableseCISO®vCISO
Security Policy Document Templates - ISO27000 Series
Annual Cyber Security Review (CSR)
Dedicated Qualified Risk Officer
Annual Board MeetingRemoteOn-Site (AU)
AGM ISMS Executive Statement
Quarterly Board Risk Reporting
ISMS Risk Meetings (11 Hrs of Remote Cadence Meetings)
ISMS Risk Treatment and Data Processing (11 hours)
ISMS Incident Response & Escalation (10 hours offsite)
Staff Cyber Security Awareness Training (CSAT) 50 staff
Vulnerability Management Framework & Quarterly Scanning CE Scan*(External)

* Delivered through the Crystal Eye platform

The frequency and scope of these deliverables can be adjusted and priced based on your required level of assurance.

Resource Utilisation

With an eCISOTM or vCISO shouldering your security planning and reporting responsibilities, you and your team are free to focus on more strategic activities instead of putting out fires. Our CISO resources can recruit, train and mentor members of your IT and compliance teams to ensure proper security principles are being implemented and maintained across your organisation.

An eCISOTM or vCISO can also help set security strategies, procure solutions, remediate incidents, and put foundations in place for your compliance needs. They may also assist with bring-your-own-device (BYOD) policy and enforcement as well as managing your board-level responsibilities.

Is your business compliant?

If you’re not 100% sure of your compliance position, then you could benefit from eCISO® and vCISO services. There are laws in place that make directors personally liable if their organisation doesn’t meet its compliance requirements, so you need to pay careful attention to ensure these obligations are met. Being compliant takes considerable effort to implement policies and continuously update your systems requiring a security expert with extensive IT security experience.

Do you have a security plan?

Without an active security plan that is regularly updated to address developing threats, you are putting yourself and your business at risk. Your security planning for people, process and technology must be relevant to your business and regularly updated.


* Cost of a Data Breach Report, Ponemon Institute, 2022