Virtual Information Security Officer

Criminals after your information are well organised, focused, and educated. To stay ahead of them you need someone equally capable working for you. Large organisations have a Chief Information Security Officer (CISO). Smaller organisations do not need a full-time CISO, but they still need the expertise to deliver an information and cyber security strategy that ensures sustained business success and continuity. Security is usually seen as part of IT, but it now needs to include defences against physical and sophisticated social engineering attacks that IT teams may not have the knowledge to deal with.

Using a Virtual Information Security Officer (VISO) is a cost-effective way to have an information security professional deliver the information security strategy alongside your team.

Role of the VISO

The role depends on the organisation and their requirements. It includes, but is not limited to:

  • Providing senior management with concise reports and briefings on information security. For example, a security summary for senior management and board meetings
  • Providing independent and unbiased advice to address information security and compliance requirements. For example, whether certification could deliver measurable business benefits. Certification options include Cyber Essentials, Information Assurance for Small and Medium sized Enterprises (IASME) and ISO27001:2013
  • Working with your team to drive the development, implementation and management of the security vision, strategy and programmes covering cyber, social engineering and physical threats
  • Providing updates on new threats as they emerge and how risks can be eliminated or mitigated
  • Checking the security of suppliers and outsourced services. Security is like health: “It’s not just how healthy you are but everyone you shake hands with”
  • Staff security training and awareness
  • Transferring Information Security knowledge to your staff
  • Coordination of security breach and incident investigations
  • Arranging any required tests. For example, penetration tests (Ethical Hacking), vulnerability scans, social engineering tests and testing business continuity and incident management plans

Our credentials

  • More than 30 years’ experience in the commercial, public and charity sectors in the UK and overseas
  • Leading work to obtain and maintain ISO27001:2013 certification at a leading Communication Agency (part of WPP) where sensitive information about FTSE100 companies is held before being made public
  • Certified ISO27001:2013 Lead Auditor
  • Member of the UK Cyber Security Forum and Cyber-security Information Sharing Partnership

Our approach – the four Es

VISO approach: Explore, Examine, Extend, Enhance

Contact us for more details about the benefits of having a VISO