(vCISOs) Virtual Chief Information Security Officers
The data charities hold is highly valuable, but internal cyber security resources are often limited. It is unsurprising, then, that over 30% of charities reported cyber security breaches or attacks last year, according to the Department for Digital, Culture, Media & Sport. A significant increase from 19% in 2018. This is where our vCISOs or Virtual Chief Information Security Officers can help.
Smartdesc can quickly scale up your security operations to help your organisation achieve best practice, or respond to cyber threats, via Cyber Security Leadership as a Service.
Our highly experienced Information Security leaders, also known as vCISOs (Virtual Chief Information Security Officers), have in-depth understanding of IT security and the charity sector. They can provide immediate help, ensuring security improvement projects are prioritised, as well as ongoing Cyber Security Leadership to ensure your organisation aligns to industry best practice.
vCISOs will work alongside your existing IT team, and take accountability for your IT security – managing resources to deliver cyber improvement projects which quickly achieve information security certifications such as Cyber Essentials for your organisation.
The vCISOs service augments your IT team with cyber security expertise and leadership, at the right level and at a far lower cost and overhead than trying to maintain this resource in-house.
Our Cyber Security Leaders typically work with you on a part-time basis, acting as in-house, impartial and trusted advisors; driving cyber security forward through deep collaboration with all levels of your business and third party providers. They also provide:
- Alignment to Cyber Security Best Practice – NCVO 10 Steps / Cyber Essentials Plus, ISO27001.
- Development and implementation of your Cyber Security strategy and roadmap, and Cyber Security Awareness training.
- Improvement and ownership of your Security Information and Event Management (SIEM) processes and systems such as SOC.
- A technical audit of your IT infrastructure, with recommendations to align to best practice, reduce duplication, cost and risk of outages
- Ownership and overall accountability for your security stance, including reporting to Trustees, Exec Team etc.
- Management of security risks; maintenance of the InfoSec Risk Register and oversight of key risk areas on an ongoing basis
- Audit of your Cyber Security stance; can include Penetration Testing, Website assessments, Cyber Essentials Plus.
- Ongoing Cyber Security advice to the business for campaigns, digital etc.
"Collaboratively we have completed a substantial amount of work with Smartdesc. Their experience allows clear, effective advice and I don’t hesitate to recommend Smartdesc for any organisation looking for any information governance expertise."
Jamie Wood
Gift Aid, Compliance and Fulfilment Manager, Prostate Cancer UK