
Virtual Information Security Officer - vISO

In today’s constantly evolving cyber threat landscape, employing the services of an Information Security Officer is critical to ensuring your security policies, practices, and posture remain in-step with the very quickly changing world of digital threats.
Unfortunately few companies can afford a full-time Security Specialist. That’s where our virtual Information Security Officer (vISO) can help. You will receive a full spectrum of services but delivered on a cadence and budget that you can afford.
Our vISO helps ensure your organization is following cybersecurity best practices. Activities are performed monthly, quarterly, semi-annually, and annually. The service is designed around the Center for Internet Security (CIS) framework and performed by a certified Security Analyst.




Security Officer
Employing the services of an Information Security Officer (ISO) is critical to ensuring your security policies, practices, and posture remain in-step with the very quickly changing world of digital threats. Regardless of how manual or automated your cybersecurity environment is, someone needs to be charged with the oversight of your security program. This person ensures the established cadence of activities, security thought leadership, and c-level communication takes place.
A certified analyst trained in cybersecurity and who is focused on dealing with threats and remediation is required for this role. Unfortunately few companies can afford a full-time security specialist nor is this a full-time role for most companies. That’s where our virtual Information Security Officer (vISO) can help. You will receive a full spectrum of services that are designed to provide security oversight, but delivered on a cadence and budget that you can afford. Defined activities are performed monthly, quarterly, semi-annually, and annually. The service is designed around the Center for Internet Security (CIS) framework and performed by a certified security analyst. We hold the following certifications.
CIS Cyber Hygiene Assessment
An excellent first step to combating cyber threats is to implement the first six CIS controls known as the Basic Controls. These controls are fundamental to every cybersecurity blueprint and are listed below.
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Management
- Controlled Use of Administrative Privileges
- Configuration for Hardware and Software on Mobile Devices, Laptops and Servers
- Maintenance, Monitoring and Analysis of Audit Logs
Microsoft 365 Security Assessment
We can perform a security assessment specific to your Microsoft 365 environment. The Security Configuration Benchmark for Microsoft 365 provides prescriptive guidance for establishing a secure configuration posture for Microsoft/Office 365 running on any OS and includes Exchange Online, SharePoint Online, OneDrive for Business, Teams, Azure Active Directory, and inTune. Assessments are tailored to the type of Microsoft licensing you currently subscribe to.
CIS Controls Security Assessment
CIS Controls are prioritized, well-vetted, and supported security actions that organizations can take to assess and improve their current security state. However, it is not a one-size-fits-all solution. Many organizations cannot address all controls based on limited resources. As a result, CIS has organized the controls into three Implementation Groups. The groups are self-assessed categories for organizations based on relevant cybersecurity attributes. Each group identifies a subset of the CIS Controls that the community has broadly assessed to be reasonable for an organization with a similar risk profile and resources to strive to implement. We determine which Implementation Group your organization fits into and then perform that level of assessment that provides the most value to you.