Bob Nicolson, Nicolson Bray


The case for a virtual Chief Information Security Officer


By Bob Nicolson, Head of Consultancy at Nicolson Bray – Organisations today are facing a dangerous combination of mounting cybersecurity threat and a lack of in-house expertise to meet the challenge. Smaller firms have typically allocated responsibility for information security to a member of the operations or financial team and given IT the responsibility for technical cyber security. In most cases these responsibilities are secondary to the allotted individual's main role, resulting in issues around prioritisation and conflicts of interest.

As such, it is now commonly understood that having a person, or team, solely accountable for cyber security has become a necessity if a firm is to adequately protect itself from cyber security threats. Without this, organisations often struggle with the complexity of interconnected technical, physical and personnel controls that make up a complete cyber security framework.

Going beyond this, there is also a requirement for someone to create strategic security plans, lead on cyber security risk reduction activities and provide meaningful reporting at board level: this is the role of the Chief Information Security Officer (CISO).

Recruiting a CISO

In common with many cyber security roles, whilst the demand for CISOs is growing daily, there is a very limited supply of adequately experienced and qualified individuals.  It has been many years since the Information Systems Security Association spoke of a “missing generation” in information security, pointing to an estimated 300,000 to 1 million vacant cyber security jobs.  

In addition, retaining an experienced CISO can be extremely challenging – according to one Ponemon study, senior security executives leave on average after just thirty months on the job.  

This all creates some serious issues when it comes to finding a CISO for your firm.  And of course, there is the challenge of determining whether someone is the right fit for your business when you don’t have the security experience needed to properly evaluate a CISO…

Enter the virtual CISO

“Renting” a CISO could be the answer. In fact, contracting a virtual CISO can be far more effective than hiring a full-timer.  With a virtual CISO, there’s no need to worry about benefits or monthly overhead.

For smaller firms, it simply doesn’t make sense to invest in a full-time CISO when you can hire a virtual one and get all of the skills you need to draw up a strategic overview and deliver the big picture.

Larger organisations also often need someone to step in on an interim basis, perhaps to provide supervision and advice for your in-house security team, or simply to ensure that you only pay for what you need.

A qualified virtual CISO is going to be fully up to speed on the latest best practices. They have experience dealing with a wide variety of scenarios and they are well positioned to train your internal staff.

They can fill in where you need it the most, helping your CIO to create or review your security policies, guidelines and standards. That could entail anything from coming to grips with Security Standards or FCA compliance, to staying on top of Portfolio Assets’ cyber security risk assessments. 

A virtual CISO can be invaluable. Don’t wait until a breach occurs – prevention is always better than cure.
