The Bedel Security Blog

Case Study: Supplemental CISO ($1.2 Billion in Assets)

Written by Chris Bedel | Aug 7, 2017

This blog post is part two of a three-part series.  It is an excerpt from our whitepaper on the Virtual Chief Information Security Officer concept.  We hope you find it helpful in visualizing practical applications of outsourcing the Information Security Officer function in financial institutions.


Case Study #2 – Supplemental CISO ($1.2 Billion in Assets)

Uptown Mutual had a relatively new CISO, Greg, who had been promoted from within about 9 months earlier. He had some IT experience but, more importantly, had a business sense that Uptown executives were excited about. As much as everyone loved the work Greg was doing, management knew that, with all the security and IT projects slated for the next 12 months, Greg might get a bit overwhelmed in his new position.

After speaking with an advisory firm about what could be done in the short term to supplement Greg’s resources, both to shorten his learning curve in the new position and to manage the upcoming workload, the Uptown executive team elected to bring in a supplemental CISO service to co-source the responsibilities of that role.

Getting Supplemental Assistance

After a search and selection process, along with a vendor due diligence review, Uptown contracted with a vCISO firm for a 12-month period with set blocks of hours that Greg could use as needed. They immediately set up a monthly schedule that mixed on-site visits and conference calls, with built-in time for unexpected security events and incidents.


The vCISO firm took a project-based approach to the various tasks of the CISO position and worked with Greg to map out the responsibilities of all parties involved in the various parts of the Information Security Program. This approach ensured that there were no gaps in the work needing to be done, and the Uptown management team loved the monthly status reports and upcoming schedule.

This approach also gave Greg added confidence as he knew exactly what tasks were being completed, when they were scheduled, and to whom they were assigned. Greg also benefited from the ability to offload some of the work, and more importantly, from the advice of an experienced banking security professional.

As always, thank you for reading this post.  Want to learn more about Virtual ISO services?  Click here.