Virtual CSO

Proactive, cost-effective security with a business focus
 

Security is one of the most complex disciplines in the IT industry.  To be truly effective, security practitioners need to be understand threats and vulnerabilities, attacks and exploits and controls and countermeasures.  They need to have an understanding of all technology types including from wired and wireless networks, storage, virtualization and multiple operating systems.  Furthermore, they need to be proficient at detecting and responding to security breaches and other incidents.  All of this needs to be done in the context of risk, not to computers, data or information, but risk to the business.  Good security professionals understand that there is such a thing as acceptable risk and in some cases, that risk is greater than would be desired, due to business or technical constraints or requirements.  People with these skill sets are not particularly common and tend to cost more than many organizations, particularly small to mid-sized businesses, can afford on a full time basis.  As a result, security becomes an afterthought or is not properly integrated into business decisions.


NWN STAR’s Virtual Chief Security Officer service offering is designed to make security expertise affordable for just about any organization by assigning to each customer a consultant who can take on the role of CSO.  The Virtual CSO or V-CSO would take part in periodic strategic decision making sessions in order to ensure that security and compliance concerns are adequately addressed.  To ensure that the V-CSO’s understanding of the client’s environment remains current, periodic recurring assessments will be performed as part of the service.  These recurring assessments allow the V-CSO to create and track security metrics over time and to be in a position to recommend corrective action should a business decision result in an exposure or should significant or critical vulnerabilities be identified.


In addition to recurring assessment, the V-CSO service includes a pre-defined number of consulting hours per month during which the V-CSO or another member of the NWN team can make implement changes, make corrections or perform other tasks.