vCISO (Virtual CISO) engagements are objective-based and tend to follow an agreed-upon time-frame.
A current client has the following objectives for their security program over the next 18 months:
- Quarterly security awareness training for all users
- Preparation for an external security audit
- Monthly security committee participation and general consulting
- Annual risk assessment and penetration testing
- Security policy development
- Incident response program implementation
- HIPAA security compliance
These objectives were quantified and agreed-upon by FRSecure and our client. We constructed a solution that fit their budget, agreed on monthly invoicing terms, and began work right away. The client spent 20% of the cost of a full-time CISO capable of meeting all of these requirements over the same period of time and accomplished 100% of their security objectives.