Our Virtual CISO service provides you with an expert, board-level resource that can help manage and steer your information security compliance, governance or regulatory program.  Our prime focus is on knowledge transfer, enabling you to undertake information security tasks without relying on expensive external resource.  The Virtual CISO performs any or all of the duties a CISO or CSO normally undertakes and provides an expert resource that can manage, develop and support your security framework.  We base the service on making highly experienced personnel available to you – either onsite or offsite, to lead and drive security efforts within your organization, resulting in a highly customised, tailored approach that ensures maximum benefit.

WHAT DOES A VIRTUAL CISO DO?

A Virtual CISO can help in many ways, and provides:

  • An expert, independent and unbiased view of your risk, compliance and security postures
  • Elimination of office politics from your project decisions by presenting an objective opinion unaffected by turf wars and egos
  • Access to a wealth of industry experience.  Your Virtual CISO will have performed a senior security management role already for a number of years and can help you avoid costly mistakes
  • Senior-level presentations of your security posture and plans for the future to your organisation’s Board of Directors or other concerned bodies such as regulators or business partners
  • Procurement services and security technology liaison.  We know where to find value, what works and what often fails.  Cutting through marketing and technology jargon will help you understand the true costs and benefits.  This one feature alone will often save your company enough money to pay for the entire service
  • Strategic guidance in company growth, risk management and service offerings
  • Handling of your organisation’s vendor management program. The Virtual CISO can validate, track and maintain your organisation’s relationships with third party service providers and vendors, and the risk they pose to your business
  • An independent review of audit and assessment reports, assisting with prioritizing issues and tracking resolution
  • Co-ordination of security breach and incident investigations
  • An information security liaison to auditors, assessors and third parties
  • Assessment of the information security skills of your personnel and development of a multi-media program of education and cross training designed to provide them with skills necessary to protect your information

Cyber Security Consultants

  • In accordance with your risk and cost profile, our Cyber Security Consultants can advise on:
  • Adapting existing security solutions and controls
  • Enterprise security solutions
  • Outsourced security solutions
  • Open source / freeware solutions
  • High availability architectures, including DDOS mitigation
  • Security controls for both SMEs and FTSE-100 companies

Our focus is on knowledge transfer and risk reduction.  We don’t want to have to come back each year and do the same thing – we want to see you improve as a company, impart lasting knowledge and skills with your employees and ensure you are best protected against the growing cyber threat.
We are technical experts on:

  • Network Segmentation
  • Secure Configuration
  • Encryption and Tokenisation
  • Cryptographic key management and performance
  • End to end and point to point encryption
  • Holistic anti-malware and rootkit detection
  • All areas of application security
  • Access control and privilege auditing
  • Physical security
  • Security Information and Event Management (SIEM), file integrity monitoring (FIM)
  • Intrusion Detection and Prevention (IPS/IDS)
  • Incident response, risk assessment and security policies and process

Security Audits

ilim professionals are experienced Security Auditors and can offer Audits against the following standards:

  • Security Health Check
  • ISO 27001
  • FSA
  • DPA
  • PCI DSS
  • PA DSS
  • IG Toolkit (NHS and Local Government)
  • Code of Connection (CoCo)

This gives your organisation a snapshot of where you are in relation to the baseline requirements set by these standards.  We are approved to issue Security Health Check, Data Protection Act, PCI DSS and PA DSS Compliance certificates.

Risk Assessment

We work with you to understand why processes have evolved in certain ways and look to find solutions to reduce the scope of your exposure, thus lessening the overall cost and burden of regulatory compliance.  We can assess:

  • Risk Assessment
  • Financial, reputational and regulatory risk of exposure to data loss
  • Comparative risk to organisations of a similar operation
  • Risk assessment and risk profile of third parties
  • Alignment with security best practice and protection against known threats
  • Protection against emerging threats (eg social networking, crimeware, advanced persistent threats)
  • Scope of exposure to regulations such as the Data Protection Act, Financial Services Authority and Payment Card Industry Data Security Standard, by taking a data-centric approach, analysing data flows, repositories, people, processes and third parties to ensure that your security program has a solid grounding.
  • Where your data is and why it needs protecting
  • Risk Assessment inline with PCI DSS Control 12.1.2
  • Existing Risk Registers

We provide a report to serve as a baseline for your project moving forward, or to enable you to de-scope, re-architect and reduce exposure before proceeding.
ilim consultants are highly experienced, with extensive senior / CISO level experience already under their belts.  Our Virtual CISOs will help you access resource that you could not afford to maintain on a full time basis, helping bring you ahead of the game.