Introducing the virtual Chief Information Security Officer (vCISO)

Keith Banks

Many organizations struggle to find the right person to lead their information security efforts. With security labor shortages, it can be difficult to find affordable resources with the right combination of technical, compliance, and leadership experience. Security professionals understand they are in demand – security executives on average leave after just 30 months on the job. An alternative solution that has rapidly grown in popularity is outsourcing the Security Officer role. Cisco’s 2015 Annual Security Report states:

“Contracting a virtual CISO can be far more cost effective than hiring a full-timer. They can fill in where you need it the most, helping your CIO pull together your security policies, guidelines and standards. Many organizations are asking other executives to step into the gap, and they often lack the expertise required to outline a solid information security policy and drive it forward. Would you want a podiatrist filling in for a neurosurgeon?”

TrustPoint’s virtual Chief Information Security Officer solution (vCISO) is directed toward small to medium-sized organizations that need the guidance of an expert security leader, but do not require the expense of a full-time CISO. In addition, this solution is utilized by businesses experiencing a transition in security leadership or who are looking for rapid maturation of their security program.

With our CISO services, there is no need to worry about the experience of the professional leading your security efforts – our team of experts has accumulated decades of experience in implementing security and privacy programs for leading healthcare organizations. We have performed regulatory assessments, developed security roadmaps, and managed the implementation of security programs for healthcare organizations of all sizes.

vCISO Case Studies

Small Community Hospital

A community hospital system lacked experienced security leadership and is located in an area that lacks skilled security resources. In recent years, they also experienced the pain of a significant security breach. A TrustPoint CISO now guides the organization in the implementation of a two-year plan to achieve full compliance with the HIPAA Security Rule. The plan includes building defenses against phishing, ransomware, and the threat of lost or stolen equipment. The vCISO works closely with the hospital’s staff to continually assess security risks and devise cost-effective remediation plans.

Large Hospital System

A large healthcare organization was creating its first CISO role, but was uncertain about the requirements for this new position. They had a small security team, and desired to accelerate their security program to provide confidence to the board of directors in their HIPAA compliance and cyber resiliency.

TrustPoint provided this organization with the interim CISO leadership needed to assess compliance gaps and security risks, develop a multi-year strategy, oversee the implementation of new security controls and processes, and mentor the existing staff. After a successful year, we assisted the organization in identifying a full-time security officer resource and gracefully transitioned responsibilities to the new leader. In one year, this organization has undergone a dramatic transformation in its security and compliance posture, and is continuing its momentum under the new leadership.

Regional Health Plan

A health plan has struggled with insufficient security staffing and a lack of leadership. After a failed attempt to hire a security officer, they turned to TrustPoint for a virtual CISO. We are currently assisting this organization in achieving compliance with the new New York DFS Cybersecurity rules, improving upon their HIPAA compliance program, and mitigating outstanding security risks.

TrustPoint virtual CISOs are available to your organization on a part-time or full-time basis. We can also provide a complete managed security program, an annual approach that includes risk assessments, policy development, strategy, and implementation oversight.

Contact us today to learn more about our services and to receive a complimentary one-hour consultation with one of our Security Advisors.