-
Fractional CISO - Fractional Chief Information Security Officer
Need a CISO, but not a full-time one?
This includes:
- Identify, rank and advise you on your company's security/privacy vulnerabilities
- Help you understand the business costs, should these vulnerabilities be used by a threat actor
- Define the steps to take to mitigate those risks, and the costs associated with the mitigations
- Create a security risk posture for your business
- Oversee agreed-upon changes
This could also include planning and working with your staff to roll out a new security program, tailored to your timing needs, budget, and stakeholder requirements.
This includes driving down costs (monetary and reputational) related to security tools, breaches, etc., and looking for ways to increase revenue, not just limit loss, related to your security and privacy efforts.
-
Fractional DPO - Fractional GDPR/UK Data Protection Officer (DPO)
If your company processes personal data of persons in the EU/EEA/UK, or your processing is considered "monitoring", you'll likely be required to have a qualified Data Protection Officer designated under the EU's General Data Protection Regulation, the GDPR.
See GDPR, Chapter 4, Article 37.
It may also be useful for you to review the EU's guidance on when a DPO is required.
If you process the personal data of persons in the UK, the UK's Data Protection Act will also likely require you to designate a DPO.
See the Data Protection Act, Chapter 4, section 69.
-
Risk Management - Running a one-time or ongoing Risk Assessment and Treatment process
Helps you build an understanding of your company's current Cyber and Privacy risks and define both the critical data you need to protect and your company's level of risk tolerance. When that's in place, I'll help you determine which risks need to be reduced and how to go about that, and oversee your staff as they implement the risk mitigations.
-
Executive/Board Meeting
Helps you and/or your board understand what you're up against based on your industry. This would include recent changes in the threat landscape and changes in focus areas (for example, vendor or supplier reviews have received more focus in the last couple of years than we'd seen in the preceding years). We might also look at tools that could help your business, including those that make use of AI.
-
Audit Prep - Helps you build out your security and privacy programs before your company's initial ISO-27001 Stage 1, SOC2 Type 1 audit(s) or other standard-driven audit.
-
SWOT Analysis - Create a Strengths/Weaknesses/Opportunities/Threats analysis focused on Security and/or Data Privacy for your company.