Can your business benefit from a part-time CISO?
A real story of risks found on a site and how this organization remediated them:
In 2016, we had been asked to conduct a security risk assessment of a large hospital.
During the site walkthrough, we discovered over 5000 computers running Windows XP still in use all over the hospital. Windows XP had officially reached End-Of-Life and become unsupported in 2014 – two years later, this hospital was still actively using an unsupported, unpatched version of this Windows operating system. We reported this as a high-risk finding and presented the risks to the Compliance Committee. The Compliance Committee understood the gravity of the situation and approved replacing these 5000 computers within the next 3 months. This was 2016. A few months later, in 2017, the WannaCry ransomware attack struck all over the world, affecting computers similar to these – unpatched, unsupported versions of Windows operating systems! We are pleased to report that this hospital was not a victim of WannaCry due to the findings of their security risk assessment and their prompt action in remediating the issue.
This is just one example of the tasks that would normally be the responsibility of a CISO. The technology department may continue working with older versions of equipment and software because it may not have the budget to replace them. However, a CISO’s responsibility is not only to identify risks but also to escalate them to senior management and the Board and to secure funding to mitigate and remediate them.
What can a part-time CISO or a VCISO do for you?
Among other things, a part-time or virtual CISO will be responsible for:
How to find your part-time or virtual CISO:
A part-time CISO is a cost-effective alternative to hiring a full-time CISO, especially if the size of your business does not warrant a full-time CISO. Identify a vendor or consultant who has
While security itself is a 24x7 task, your Chief Information Security Officer can be part-time and still very effective based on your current security posture, your budget and your business’s security needs.