1350 W. Grenshaw St. Chicago, IL 60607


Services

vSEC applies decades of security experience to create, assess and improve security programs for large, medium and small organizations. We provide guidance to boards, senior executives and security officers, using our business and security knowledge to help them identify and better manage their organization’s security priorities.
 

vSEC Cyber Security Consulting Services

COMPANIES ARE UNDER ATTACK. News headlines warn about hijacked email, ransomware, and hacked databases, while regulators, laws and professional standards make it increasingly clear that businesses must protect their critical information and operations, with executives responsible for any breaches. The risks are real. Unfortunately, many organizations lack the expertise to implement an effective security program. In particular, many board members and senior executives lack familiarity with the key issues to supervise a security strategy. This paper presents several elements of information and cyber security, including how Chief Information Security Officers (CISOs) and virtual CISOs can provide advisory expertise to companies.
vSEC activities provided as part of its virtual CISO services include:
  • Perform Risk, Control and / or Regulatory Assessments (e.g., NFA 9070, FINRA Small Firm) to help organizations understand the current coverage of their security program and to identify gaps and areas for improvement. This step can meet the regulatory requirement for an independent security assessment.
  • Evaluate and develop a cyber security strategy and program to support business priorities and risk goals. This includes helping review and write policies to formalize desired security controls.
  • Assist executives, managers and staff with operational integration of information security controls. This includes establishing a Runbook and RACI of security activities and responsibilities.
  • Design monthly management reports to monitor security program effectiveness.
  • Establish Third Party Risk Management oversight to review, document and monitor vendor security controls.
  • Review, develop, and test security Incident Response Plans.
  • Review and assist with audit, regulatory, insurance, and client risk assessments.
  • Work with specialized security vendors, e.g., for SOC monitoring, penetration testing, software vulnerability testing and security awareness training.
  • Provide ongoing guidance based on cyber security best practices.
Email info@vsecllc.com to learn how vSEC can strengthen your cyber security.

vSEC Services and Pricing 2023

vSEC projects focus on meeting the business and security needs of each client. The price range reflects the time, expertise and scope usually needed to provide these services.

While vSEC primarily provides virtual CISO advisory services, we also perform stand-alone projects for clients. Prices for the below services and projects reflect the time, expertise and scope usually needed to deliver these to our clients, although we can offer lower rates for pre-revenue startups and nonprofits.

Monthly Virtual CISO Services

$6,000 to $15,000 / month

This ongoing work covers an average of 1 day to 2 ½ days a week of leadership and support by a 10 to 20+ year security professional to develop a firmwide cyber security program. The work runs from assessment to strategy and roadmap, and from implementation to monitoring your security effectiveness.

Cyber Risk Assessment

$6,000 to $11,000

Perform a general cyber risk assessment, often using the NIST CSF or CIS-18 framework. Other frameworks available.

Vendor (Third Party) Risk Review

$3,000 to $8,000

Annual project to review appropriateness of security certifications or controls of a client’s own vendors. Initial focus is on vendors providing critical services and access to critical systems or confidential data.

Incident Response Plan, Table Top Exercise

$15,000 to $30,000

As a project, review or draft an Incident Response Plan and perform a “Table Top Exercise” to test the plan and the Incident Response Team in an event scenario.

NFA 9070 Annual Review

$3,000 to $6,000

For NFA regulated firms, perform a review and statement of the appropriateness of the firm’s Information Systems Security Program (ISSP). Click here for a 9070 self-assessment.

Quick Requests

$350 to $400 / hour

For quick requests for assistance not covered within a project or a virtual CISO relationship, vSEC often can provide support on an hourly basis. Common requests include assistance responding to a client security survey, review of a security policy, or advice for a Board meeting.

For any queries, email us at info@vsecllc.com