While all of us are aware of the need to protect our organisation’s technology from potential threats and security breaches, few are fully aware of the gaps that leave us vulnerable to information security attacks.
Indeed, most of us have invested in a combination of technical services and technology to process the information needed to do business, hoping we have taken the steps necessary to establish a line of defence against potential attack. The harsh truth is, however, that in many cases these products and services were not designed to work with each other, and experience shows it is normally the gaps between these tools and services that lie at the root of most of the security challenges facing businesses and organisations. This means that our investment is often undermined and, crucially, we are often unaware of this vulnerability until it is too late.
To fill this gap, we need someone who understands the current information risk environment in which the business operates and who can take responsibility for all strategic information security goals – the role of CISO – with proven experience and authority to perform the function for their business or organisation. This individual needs to inform, influence and support the organisation’s board, shareholders or partners and requires knowledge and resources to engage their full support. This applies to micro businesses through to large companies and institutions.
Whatever the size of an organisation, one individual needs to be responsible for information security and that person is usually the Chief Information Security Officer (CISO). In smaller companies, this is likely to be one of a number of roles held and may not realistically be the focus. Yet the implications of a security breach are far-reaching, both in terms of finance and reputation, so the CISO role is a vital one.
Few would ever expect to manage the full accountancy or legal function of an organisation in-house, relying instead on expert professional guidance and resource to deliver effective solutions. It is within this context that SRM has developed VirtualCISO. In reality this service goes above and beyond the simple task of filling the gap. It is not intended to replace or undermine the roles of Chief Technical Officer (CTO) or CISO in any way, but rather to enhance, resource and advise these officers on how best to manage all aspects of Information Security Risk.