VIRTUAL CHIEF SECURITY OFFICER

A New Service for Smaller Organizations

vcso

Three Steps to Risk Reduction

Step 1 Lays out the SMB framework.

Step 2 is a free interactive workshop.

Step 3 (This page) VCSO Service

Holistic Cybersecurity just became attainable for small and medium businesses as a result of a new methodology articulated in the August 2024 ISE magazine article and on this site.  

Intention of the CYBYR.COM VCSO Service

Every small and medium size organization is protected from attack.

Introduction
 

Our free SMB workshop revealed 60+ new zero and low-cost actions to reduce risk. The Cybyr.com VCSO service puts those zero or low-cost ideas into action for you structured as 10 Layers of Defense, focusing on reduced risk, upgrading your expertise and setting you up to be self-sufficient in the future.

It’s a Virtual Chief Security Officer (VCSO) service because it avoids the need to hire scarce full-time security experts as staff – being your on-demand partner when you need it.

It begins with an initial engagement that aligns with your organization beginning with a short but essential executive orientation. This includes discussion of the competitive and commercial advantages, legal responsibilities and conformance of the holistic methodology.

It evaluates your current security posture, using our unique Cybyrscore ™ laying out and prioritizing essential actions.

It follows up by partnering with you to create the necessary actions shown below and provides ongoing progress, cybersecurity awareness, enhancing expertise and update reviews as needed.

 

Initial Engagement includes the first quarterly review – see below.

Note: These are the typical actions required to reduce risk by strengthening all aspects of the operation. Some may already be in place or require updates. Others, such as development, OT network, Cloud strategy, manufacturing and critical infrastructure security may apply. Cybyr.com provides these as optional expert services

* Cybyr.com provides independent services and is not an agent or reseller of third party products.

Cybr.com Virtual CSO Service
Initial Engagement
1

Information Gathering

  • Inventory of existing assets, IT and network strategy.
  •  Evaluation using CybyrScore investigation of 50-100 potential vulnerabilities providing prioritized recommendations & risk rating
  •  Creation of outline list of prioritized risk reduction actions
2

Executive Orientation  (2 hrs) – This is a required commitment of the service

  • Discussion of outcomes, oversight, responsibilities and alignment with organizational goals and constraints
  • Description of the program structured as 10 layers of defense
Risk Reduction Deliverables – Executing the Created Plan
3
  • Development/amendment of custom Holistic Security Policy – with 10 principal categories – for executiove approval
  • Asset curation and automation plan
  • Resilience/Recovery Plan
  • Supply chain delegation training and contractual plan
  • Cybersecurity action & training plan for 10-12 departments, including HR, Finance & Admin, IT etc..
  • Cybersecurity policy statement for insurance & clients
  • Basic cybersecurity software protection 5 part plan*
4
  • Threat tolerance evaluation of financial risk/rewards and defense of implementing actions (requires 2 above)
  • Quarterly Security Execution Plan. This is effectively set of actions being the ongoing execution of the Security Policy to continually reduce risk as conditions change. It includes risk measurement and update for the next quarter. (requires 3 above)
Ongoing Cybersecurity Review and Update Subscription Service
 5
  • Ongoing Monitoring and Review of Cybersecurity implementation of 1, 2, 3 and 4 above
  • Update to Quarterly Risk Reduction Plan, includes risk improvements and plans for the following period.
  • Includes executive level presentation
  • The Service is offered on a quarterly basis
  • the Service is also offered on a monthly basis if required during the early stages of the project.
  • Annual subscription is available.
Other Services
6
  • Cybersecurity awareness (on-demand via cybyr.com, Industry rapporteur service, included in the service)
  • Expertise training to enable ongoing self-sustaining
  • Provision of future guidance, support and sharing of feedback
Subject to Payment Terms.
Service Pricing and Subscriptions
Service Price Comments
Initial Virtual CSO Services Engagement $2,000 Plus, travel if on-site required
Risk reduction deliverable creation – See sections 3 and 4 above Hourly Rate Estimates for each task provided
Quarterly Reviews Hourly Rate Minimum hours per quarter Phone support included
Monthly Reviews Hourly Rate Minimum hours per quarter Phone support included
Ongoing cybersecurity awareness, expertise training and rapporteur services Included in Review Service
Payment Terms
        • Initial Engagement 50% on order, 50% on completion
        • Hourly rate service – on completion of work
        • Electronic payment only.