CyberHoot vCISO Offering
Cybersecurity help is hard to find but desperately needed by SMBs and MSPs. Enter CyberHoot's Virtual Chief Information Security Officer (vCISO), which provides cybersecurity program development and consulting services to you for a fraction of the cost of hiring.
Defense-in-Depth Security Program
Each vCISO engagement starts with a risk assessment yielding a prioritized list of risks. CyberHoot provides the solutions and assistance you need to mitigate your risks. Our minimum-essential approach ensures we spend your time and money like it's our own. The result is an effective, right-sized, defense-in-depth cybersecurity program that secures your company from today's threats.
Risk Assessment, Risk Treatment, and Remediation
Most companies need to start quickly. CyberHoot's vCISO Lite program performs a quick Risk Assessment tied to automatic prescriptions and detailed tasks to mitigate your largest risks fast.
Mature companies use vCISO Pro for a detailed risk assessment with greater depth of probing, teasing out common and uncommon risks to your operations, brand, and company.
Both result in a prioritized list of risks and remedies designed to thwart hackers from compromising your business, your data, and your livelihood. CyberHoot's programs are right-sized for your specific company needs.
Planning and Execution
In phase 2, the Risk Registry is reviewed. Risks are codified, owners identified, timelines set, investments decided, and acceptable outcomes determined. Additionally, governance policies are created and sent to employees for review and acceptance.
With your vCISO guiding you and your IT resources, a prioritized list of security risks is remediated in Phase 3. This can take 3 to 6 months minimum and often takes upwards of a year to 18 months to eliminate technical debt, make IT investments, and complete projects from your risk registry. Your vCISO stands beside you all along the way to ensure positive outcomes that are robust and secure.
Run and Maintain Mode
Clients engage their vCISO for many things in Phase 4 such as completing cyberinsurance questionnaires, answering cybersecurity questions, drafting your Security Brief, and handling cybersecurity incidents.
Having your vCISO manage a security incident from the start through conclusion and Root Cause Analysis (RCA) ensures the best possible outcome during a difficult time in a business’s life. The 4 sections defined below outline the vCISO process you can expect from CyberHoot.
Preparation (before an incident)
Before incidents occur, the vCISO builds incident response processes and secures approval from all stakeholders on this document.
Detection (at start of potential incident)
Incident discovery comes from many places. Once a potential incident is detected, analysis is performed to confirm or refute an event.
Incident Handling (during incident)
vCISO leads containment, eradication, recovery, and revision efforts from start to finish.
Root Cause Analysis (RCA) (after incident)
Follow-up meeting to discuss what happened, why, and how to avoid a repeat, identify key opportunities for improvement, single points of failure, documentation gaps, etc…
Vulnerability Alert Management Process (VAMP)
Creating a repeatable process with agreed-upon timelines for reacting to and mitigating a new and critical vulnerability is the key to success and to protecting you from the following statistic: Of 317 SMBs surveyed, the 25% that reported being breached concluded that 80% of their breaches were due to missing patches from 1 month to 1 year in age. (Voke Research)
Create a VAMP Process Document
Your vCISO will bring a tried-and-true rating system to vulnerabilities and codify it for clients to establish guidelines for responding to a new issue.
Monitor for Alerts
Vendors release patches all the time. 3-4 times a decade there is a confirmed “drop everything” alert that requires immediate attention. Dozens of times a year, your vCISO reacts to a potential “drop everything” event to see if they need to pull the VAMP Fire Alarm, then drive and guide a response. 9 out of 10 times the issue is not that critical.
Research Mitigating Controls
Many vulnerabilities have mitigating controls that can be more easily implemented than patching and rebooting servers. Your vCISO will seek these out and report on them when available. For example, in July 2020, a Sev 1 DNS risk was announced with a patch from Microsoft. A Registry Tweak provided immediate protection without patching and was recommended by CyberHoot vCISOs.
Various IT providers will say, “We patched everything for this vulnerability”. To them, “everything” is whatever is known in the asset management database. Lost machines, abandoned machines, and strange machines you didn’t realize run that OS can all lead to disaster.
vCISO Lite vs Pro comparison of features
Basic Risk Assessment
Incident Response 24x7x365
CyberHoot Cybersecurity Awareness Training
Dark Web Monitoring and Reporting
Awareness Training Compliance Reporting
Quarterly Phish Testing
Cybersecurity Bulletins, Advisories, Newsletters
Standard Cybersecurity Governance Policies
Cybersecurity Administrative Processes
Ad Hoc Cybersecurity Consulting
Cybersecurity Questionnaire Completion
Advanced Industry Specific Risk Assessment
Cybersecurity Roadmap Tracking and Reporting
Customized and On Demand Awareness Training
Company "Cybersecurity Brief"
Cybersecurity Incident Summary +Improvement Opp.
Cybersecurity Product Training
Cybersecurity Client Administration Option
Custom Phish Testing Schedules & Reporting
Customized Cybersecurity Governance Policies
Customized Cybersecurity Administrative Processes
On-boarding and Off-Boarding Artifacts
Software-as-a-Service Tracking and Assessment
3rd Party Risk Management
Cybersecurity Metrics Program for Board and C-Suite
Project Consulting for Cybersecurity Implications
Senior Cybersecurity Resource assignment
Annual Cybersecurity Awareness Training Webinar