Compliance Readiness — Many small and medium-sized companies do business with large global customers that demand appropriate compliance be in place and managed continuously. As a fractional advisor, I help clients prepare for compliance by identifying appropriate controls and risk assessments, developing policies and other processes, educating employees on their roles in gathering and testing their own controls, and aligning with the audit portion of the process.
Third-Party Risk — This has been a moving target for some time, ever since the large data breaches in 2012 exposed the risk of third parties, some of whom were not taking security and privacy seriously, causing data breaches for their clients. I can assist a company with developing the right strategies, processes, templates, vendor risk registers, vendor questionnaires, etc.
Cyber Resilience — Cyber resilience continues to be an integral part of the security ecosystem: maintaining processes to prepare for, detect, respond to, contain, and restore following an incident. Companies need the proper Incident Response plans, playbooks, readiness assessments, business continuity, and disaster recovery plans. In addition, constant testing of the plans is necessary for both technical and executive teams so they understand their roles and responsibilities during a major incident.
vCISO/vCSO — Some companies, especially small and medium ones, are finding that they need security leadership, whether to maintain compliance or for other reasons. Hiring the best and most experienced CISO or CSO can take time, or perhaps your CISO/CSO recently left the organization, and you need to maintain the status quo with security and compliance. This is where a virtual security officer comes into play. The virtual security officer can assist with security roadmaps, aligning security needs with business needs, ongoing compliance activities, security awareness, working with third parties like MSP/MSSPs, etc.
Data Protection and Privacy — Data has always been the “crown jewel” that attackers, whether outsider or insider, have been after through their often coordinated actions. Companies, in general, should protect their data, especially data belonging to consumers, employees, and customers that is deemed sensitive or protected. The hardest part is knowing what data resides at a company. Through various assessments and activities like data processing agreements, minimum data security requirements, various privacy laws and regulations, data mapping exercises, etc., I can assist a company in ensuring its data is protected properly. This can also include rolling out data protection training, Privacy Champions programs, and other initiatives.
Threat Intelligence and Threat Profile — Understanding your company’s threats and where they originate will help you develop an overall strategy for protecting the company, its assets, and its employees. I can assist a company or individual (UHNW, VIP) with specific profiling of attackers, whether physical or cyber-related. This can include deep-dive due diligence on a potential customer or partnership, or competitive intelligence reports for a new program or product launch.