Governance, Risk & Compliance

"Passion for Cyber Security"

“With us, you will find a team with security-minded people who share your passion for Cyber Security, on the right side of the fence – protecting and maintaining our clients’ business continuity.”

CISO-as-a-Service

Overview

The Chief Information Security Officer’s position has become critical in managing and dealing with enterprise risk from financial, compliance and reputational repercussions in the event of a data breach. Cybersecurity concerns have been elevated to a board-level conversation.

The modern CISO needs a holistic approach to protecting enterprise information and assets, and the board-level attention requires a shift towards more strategic threat response readiness. The CISO is also required to manage regulatory requirements well and succeed in attaining a desirable security posture. The modern CISO should rightfully be seen as a business partner and not a business protector.

Brandvakt offers CISO-as-a-Service, where we bring in one of our highly experienced practitioners to commit to your organization’s information security efforts. We bring to the table highly skilled individuals who add leadership and know-how to ensure risks are mitigated before they can cause damage. Our CISO-as-a-Service recognizes the modern role of a CISO in a holistic way, looking at four different angles: technology, business protector, advisor and strategist.

The word Brandvakt derives from the old city guards, the watchmen, the sentinels who ensured that no fires or other problems broke out. Our practitioners are therefore the true Brandvakts of our company that we offer to your organization.

We recognize that not all companies are equal and that their challenges differ, which is why we can meet the requirements of small, medium and large enterprises. We conduct an assessment of your company’s needs and current posture, allowing us to offer what is most suitable.

  • We provide a ready setup of a CISO with the necessary backing of Brandvakt experts with in-depth knowledge across domains.
  • Devise an information security strategy with an immediate focus on ensuring that the basics are implemented and properly maintained – with a clear roadmap to strengthen the security posture and information security.
  • Clearly identify the maturity level, the current threat landscape, and what needs special attention and protection, weighing risk appetite against investments whilst keeping regulatory requirements in mind.
  • Provide a cost-effective way of maintaining information security systems and managing risks.

How it works 

We can engage with your organization in different ways depending on what is suitable: through direct communication with the Board where we assess and advise, as a full-time CISO, during a transition, or virtually as an advisor to an existing CISO. In terms of delivery, Brandvakt is open to discussing a project approach or a pre-approved Time & Material approach with clear and distinct KPIs.

Our CISO-as-a-Service uses a three-step process.

Analyze 

Coordinating the entire process, the CISO identifies security requirements based on your organizational goals. The CISO reviews the current setup in terms of people, processes and technology. 

Strategize 

Based on the initial analysis, the CISO helps define the IT security strategy together with all relevant stakeholders. The CISO coordinates with management to get approval and support for the required changes, highlighting all risks or areas of improvement according to level of priority. 

Execute 

In cooperation with relevant departments and external partners, the CISO implements the approved strategy, controlling all security activities and ensuring a smooth execution. Throughout the process, the CISO provides transparency as to how the organization is developing and key changes to the threat landscape.

The CISO Role and Responsibilities

1. Follow a robust methodology for running your information security program
2. Take ownership over maintaining your policies, procedures and standards for information security
3. Provide metrics and visibility of tracking
4. Maintain and monitor a list of security controls
5. Deliver executive-level reporting
6. Be a strategic advisor and executor

  • Protecting the confidentiality, integrity and availability of data;
  • Long-term cybersecurity strategy development;
  • Governance, Risk and Compliance program development;
  • Risk assessment;
  • Risk management;
  • Security awareness and training;
  • Developing secure business and communication practices;
  • Reporting on security operations;
  • Monitoring security operations;
  • Defining metrics and KPIs and measuring program success;
  • Management of personnel and vendor relationships; and
  • Integration and management of other third-party security services.

Benefits with Brandvakt CISO-as-a-Service

Brandvakt typically bases our CSMA on the CIS Critical Security Controls (CIS-18, formerly CIS20). CIS-18 is a set of prioritized safeguard controls to mitigate the most prevalent cyber-attacks against systems and networks. These controls are mapped to and referenced by multiple legal, regulatory and policy frameworks (including ISO27001).

CIS-18, or CIS Controls v8, has been revised to account for the movement to cloud-based computing, virtualization, mobility, outsourcing, work-from-home and the ever-changing landscape of attacker tactics.