Our Services
With 0% unemployment for Cyber Security professionals, your organisation may not have the necessary resources to employ a full time dedicated cyber security team. Additionally, your existing IT teams may not have the capacity or specific skillset to keep up with the constant flux of cybersecurity threats today.
VISO can help bridge this gap while enabling you access to high level security expertise in a timely and cost-effective way. Whether you are looking for a more cost-effective solution or want the expertise of an experienced resource, VISO offer tailored offerings as an alternative to setting up an internal Cyber Security team.
CISO as a Service
At VISO we provide a Virtual Chief Information Security Officer (CISO). In a cost efficient manner, this allows organisation to gain the expertise of an external experienced information security manager.
No matter where your organisation is on its cyber journey, VISO can build a strategy for cyber security improvement in line with best practices such as ISO27001, NIST CSF and Cyber Essentials, helping you to work towards gaining these accreditations.
Our CISO as a Service can include as required all of the below individual types of work, tailored to meet the needs of the organisation.
Cyber Risk Assessment
We can manage your control, system or vendor based risk assessments.
Assessing your organisation against ISO27001 or NIST CSF can provide an organisation with a GAP analysis to best practice. Our team have experience pulling these assessments together, interviewing key resources and presenting the results back in a detailed report with a usable executive summary.
Our team can also setup an appropriate risk management framework for ongoing management including implementation of Cyber risk management policies, processes and procedures, tailored to meet your business requirements.
Open Source Threat Intelligence (OSINT)
We can assess, or provide access to, information openly available on the internet about your company, its digital assets and what vulnerabilities exist which hackers have available to them at their fingertips.
Using our OSINT tool, we can provide a ‘security scorecard’ for your internet facing digital assets. This is generally the first part of reconnaissance by hackers when they are targeting a company with the likes of ransomware or business email compromise. Our team can provide anything from a point in time scan to a persistent service which will alert of changes.
ISO27001 Internal Audit as a Service
Our team can be your internal auditors
Implementation of ISO27001 requires ongoing internal audit, which must be carried out as described in clause 9.2 of ISO 27001, and should be conducted at planned intervals.
Without the experience of a seasoned audit professional, the internal audit can be challenging to undertake, especially when the organisation is new to ISO 27001.
Policy Development
Do you need security policies – we can draft and manage the process
Many organisations do not have the necessary expertise internally to know which policies are needed to bring the organisation to a cyber security best practice.
Our policy development service can bring clarity on what you need to do to demonstrate compliance with information security standards and align with data protection regulations such as GDPR. Our team have experience of working with organisations of different sizes to help develop a suitable suite of policies to meet the needs of the business and enhance the security of the organisation.
Technology Assessment And Sourcing
We can manage your control, system or vendor based risk assessments.
Assessing your organisation against ISO27001 or NIST CSF can provide an organisation with a GAP analysis to best practice. Our team have experience pulling these assessments together, interviewing key resources and presenting the results back in a detailed report with a usable executive summary.
Our team can also setup an appropriate risk management framework for ongoing management including implementation of Cyber risk management policies, processes and procedures, tailored to meet your business requirements.