OFFER ORGANIZATIONS QUALIFIED CONSULTING IN STRATEGIES FOR SECURITY SUCCESS


Governance Risk & Compliance Expert

Executive Project & Program Manager

Experience Team Builder & Leader

Engagement Solution Architect

Principal Security Consultant

Head of Department CoE

Chief Security Officer

SELECTION OF OFFERINGS

PRINCIPAL CONSULTING SERVICES

CSO - Managing Operational Security and IT-Security

CSO-as-a-Service: serving as the CSO/CISO, providing subject matter expertise to the CCO and CTO. Serving as an escalation focal point for daily security, incident, risk & threat management, leading the security operations and supporting the SOC team.

 

  • Overall accountable for daily security operation 
  • Client focal point where security is part of delivery
  • Lead the security & incident management team
  • Head security operation development and software design
  • Support and promote the organization's compliance and internal audit teams' strategy and agenda

 

Establish Efficient Teams for Cybersecurity CoE & Delivery

Recruitment and building of an effective cybersecurity centre of excellence (CoE) and a supporting cybersecurity delivery team. 

 

  • Cybersecurity Advisory Consultants Team
  • Cybersecurity Architect Team
  • Cybersecurity Project Leader Team             
  • Cybersecurity Ethical Hacker / Penetration Test Team
  • Cybersecurity Forensic & Intelligence Team
  • Cybersecurity Governance, Risk & Compliance Team

Security Project & Program Management

Management and governance of the security program and project life cycle, from planning to closure. Simplifying executives' view of progress through methods of monitoring a project, or a program with a stream of projects, and providing reports that matter.

 

  • Assess project/program to assure adherence to plans
  • Measure effectiveness to ensure Agile project methods 
  • Manage and evaluate project/program risks & threats
  • Verifying strategy & goals are met, in time and on budget
  • Providing management executive summary report 

Security Training and Enhancement of Awareness

Design, develop and implement an effective and measurable security training and awareness program including various methods, tools and processes for employee engagement and interaction, providing measurement of effect and progress.

 

  • Document and assess maturity of training & awareness
  • Evaluate and define optimal future state of awareness
  • Design, develop and roll out an organization's global plan
  • Long term plan for continued management of plan 
  • Measurement and report for exec management review 

CSO/CISO Advisory Support

The objective of a CSO/CISO Advisory function is to improve the overall quality & governance of security programs through visibility, by identifying abilities & opportunities to increase security posture and reduce complexity in the daily management of security operational risk.

 

  • Evaluate Information Security Management Systems
  • Verify third parties' and vendors' quality & effectiveness
  • Apply assessment techniques to identify security failures
  • Identify opportunities to improve and foster security in mind
  • Determine maturity of security protection and awareness

Optimize and Transform IT Security Operations

Transformation of IT security operations through change under controlled, sustainable, secure and value-enhancing methods.

 

  • System & data security controls and design 
  • System access and authorization methods
  • System security tools, processes & procedures 
  • System regulatory, compliance and data privacy
  • System information event management
  • System intrusion detection and prevention


Physical Security Reviews

Review of an organization's physical security to meet international standards includes evaluating the existing physical protection and reviewing the maturity and governance of the overall adherence to established security policies and procedures.

 

  • Verify office and client areas security access controls
  • Assess physical access controls & authorization process
  • Inspect data centre and physical storage security
  • Evaluate level of disaster recovery & business continuity
  • Review physical intrusion detection tools & processes
  • Identify security flaws and room for improvement   

Optimization of Workstation Security and Management

Workstations have a limited lifetime and sometimes need to be quickly replaced due to events such as an IT intrusion, a malware attack or a hardware failure. The process needs to have a consistent approach to the organization's strategy for security & compliance. A framework will ensure adherence to any pre-existing governance and compliance with an organization's needs:


  • Workstation security image designs (disc profiles)
  • Role based accesses per work group and department
  • Effective and relevant procedures for ordering
  • User manuals and instructions that meet pre-requisites
  • A smooth and coherent process for ordering new hardware

Assessment of the Payment Card Industry/Data Security Standard (PCI/DSS) 

Supporting and reviewing the verification of an organization's compliance, collecting the needed evidence for the annual PCI/DSS assessment, and preparing the organization's RoC (report of compliance) for banking/financial industry organisations.

 

  • Assessment of PCI/DSS compliance and readiness
  • Identifying client specific PCI/DSS compliance issues
  • Creating action plan for remediation
  • Implement remediation tasks and activities
  • Documentation of supporting processes, tools, and evidence for audit purpose
  • Creation of an annual road map for PCI/DSS compliance

Security Clearance & Vetting Procedures (Public Sector)

Establishment of an employee security program, processes and procedures for security vetting and clearance of resources for public sector assignments (applicable where requirements demand that service providers and vendors manage pre-clearance of their in-house employees).

 

  • Security protection instruction and security threat plan
  • Process, procedures & work instruction for security vetting
  • Advanced security, risk and threat training of employees
  • Managing files & forms for official security registry controls
  • Annual plan for maintenance of security vetting program