In brief, the following is what a client can expect from an interim CISO:

  • The CISO will be on-site for a defined period: specified days/week or weeks/month
  • The CISO is responsible for a set of agreed-upon routine security duties
  • The CISO also works on designated projects outside of routine security operations
  • The CISO is reachable by phone / email at all times

The activities can include security program design and operations for:

  • Compliance Duties, including performing risk assessments
  • Managing Monitoring, Logging, and Reporting
  • Coordinating Incident Response
  • Developing Training and Awareness sessions
  • Performing System Design reviews to ensure adequate security
  • Vendor Contract Review
  • Performing Asset Classification
  • Coordinating Penetration Tests
  • Governance development / improvement
  • Disaster Recovery/Incident Response testing