A virtual chief information security officer can serve as security consul or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry.
As a temp hire, a vCISO offers flexibility and cost controls. He/she can help build programs, conduct employee training, draft security policies and set standards for compliance mandates.
Most small and midsize businesses do not have senior security talent on call. Having someone conversant in identifying and analyzing threats, creating strategic security plans and ensuring compliance requires the right level of expertise.
Cisco reported only 29 percent of organizations have a CISO. Businesses with a CISO recorded the highest levels of confidence in their security stance in terms of optimization and clarity.
For small to midsize businesses, it doesn’t make sense to invest in a full-time CISO. A virtual one delivers a pay-as-you-go option and specialty skills required to draft a strategic security plan for a sound future.
There’s no universal standard for hiring a vCISO. Set up a retainer for a number of hours, contract on a per-project basis, or buy a chunk of hours to use as needed.
A qualified vCISO will be up to speed on the latest best practices, with experience in conducting risk assessments, penetration testing, intrusion detection and other key services. Should also have ability to train internal security staff.
A contract rate for virtual CISOs is 35-to-40 percent of the average salary for a full-time information security person.
Many companies are forced to spend an increasing proportion of budget on cleaning up after a breach. A vCISO can be invaluable as a firefighter and leader. Don’t wait until a breach occurs; prevention is better than cure.
Businesses with access to personal consumer data or companies in regulated industries, or with proprietary intellectual property, or with data security concerns are the best candidates for a vCISO.
This article was originally posted on the Worcester Business Journal.