The role of the CISO
At Nicolson Bray we know that protecting your organisation from cyber security attacks is an ongoing process. Business and technology risk needs to be continuously monitored and, where necessary, corrective action taken. Your senior management team needs to be kept abreast of both the evolving cyber security threat landscape and how vulnerable your business is to that threat.
"What we will be looking for is a ‘security culture’ in firms of all sizes – from the Board down to every employee."
- Nausicaa Delfas, Director of Specialist Supervision at the FCA
This is the role of the Chief Information Security Officer (CISO) - a cyber security leader responsible for ongoing risk management, reporting regularly to the senior management team and keeping the organisation abreast of cyber security issues. Importantly, the CISO should be independent of IT in order to give an impartial view of cyber risk within the IT estate.
For many organisations a full-time CISO is not necessary. For these organisations Nicolson Bray has developed our Virtual CISO service.
The Virtual CISO
Your Virtual CISO will initially work closely with you to define a cyber security strategy and programme for your business. Once in place, they will manage the implementation of that strategy and drive the delivery of cyber security improvements and risk reduction. At the same time, they will proactively monitor real-time threats to your organisation, enabling your senior management team to make informed cyber security risk decisions.
Your Virtual CISO will also work with your staff to ensure they are aware of their part to play in preventing attacks, and give them training on the human behaviour parts of cyber security defence.
And of course, in the case of an incident, they will guide you through the response and help you to recover business operations quickly and effectively.