Data sheet / solution brief

eSentire Virtual CISO (vCISO) Services

Cybersecurity Advisory Services To Develop Your Cybersecurity Strategy and Keep It On Track
A graphic outlining key security outcomes you can expect from eSentire Virtual CISO (vCISO) Services.

Many organizations find themselves stuck between ever-evolving cyber threats and tightening regulatory requirements. This can force organizations to piece together and execute informal programs that check the compliance box, but don’t necessarily align with and address the greatest areas of cyber risk.

Our vCISO team approach includes a NIST-based organization-wide cybersecurity maturity assessment as part of every engagement. This ensures our experts understand your strengths, weaknesses and greatest areas of cyber risk.

Additional services in the vCISO portfolio, such as policy guidance, incident response planning and security architecture review, are aligned to one singular strategy, road-mapped and measured across a multi-year engagement. This allows your organization to mature with a tailored, comprehensive cybersecurity program that meets the stringent requirements of your industry regulations and business objectives.

Our vCISO program supports you in building a more responsive security operation by:

Why eSentire vCISO Services

Our vCISO portfolio contains modules that address each component of your cybersecurity posture, including: policy guidance, incident response planning and security architecture reviews. These are all aligned to one singular strategy and measured across a multi-year engagement.

Programs, details and deliverables:

Security Program Maturity Assessment (SPMA): In-depth appraisal of your information security maturity against industry standards.
  • eSentire Security Framework Playbook.
  • Client report detailing your current security program maturity ratings and comparison to industry norms.
  • Client roadmap with executive overview and recommendations.

Security Incident Response Planning (SIRP): Focused, pragmatic strategy on key steps to take when an event occurs.
  • Initial (baseline) assessment and Cybersecurity Incident Response Plan development.
  • Annual re-assessment and testing of Cybersecurity Incident Response Plan identifying necessary changes required.
  • Annual tabletop exercise to test the efficacy and accuracy of the response measures that are in place.
  • Update to Cybersecurity Incident Response Plan based on any new findings, environmental or business changes, etc.

Security Policy Review and Guidance (SPG): Best practices for policies and procedures from NIST Cybersecurity Frameworks.
  • Development of updated Information Security policies based on assessment and findings.
  • Guidance and direction on Information Security policy adoption within your organization.
  • Annual re-assessment and review of Information Security policies.
  • Annual review of Information Security policies to identify gaps based on any applicable business, regulatory or legal changes.
  • Findings and recommendations report based on annual review.

Security Architecture Review (SAR): Evaluation and audit of your current technologies, security controls and system criteria.
  • Assessment and review of security architecture with executive summary and detailed recommendations report based on findings.
  • Annual re-assessment and review of security architecture.

Vendor Risk Management Program (VRM): Establish a process to track third-party and vendor risks to your business.
  • Assessment and review of existing vendor due diligence processes.
  • Development of a pragmatic Vendor Risk Management Program including vendor classification and due diligence questionnaires.
  • Annual reassessment and review of Vendor Risk Management program to identify opportunities for improvement.
  • Executive summary on findings and recommendations for future changes to Vendor Risk Management Program.

Vulnerability Management Program (VMP): Create and refine procedures to account for emerging vulnerabilities.
  • A documented program to identify, manage, and report on the security posture of systems and applications, and also on systemic security issues.
  • A vulnerability tracking mechanism, to capture vulnerability data across the environment over time.
  • Metrics for evaluating the overall effectiveness of the program itself and managing improvement.
  • Templates for executive reports regarding risks arising from vulnerabilities and from program deficiencies, risk trending, overdue vulnerabilities, and exception reporting.
  • A summary report of the VMP Development Project.

The eSentire vCISO Difference

While most security service providers deliver a one-and-done approach without understanding an organization’s business objectives, cybersecurity strategy and overall cyber risk profile, we operate with insight and context, including a NIST-based organization-wide security maturity assessment as part of every engagement. This ensures our experts understand your strengths, weaknesses and greatest areas of cyber risk.

Our vCISO experts:

The results you can expect from eSentire vCISO consulting services include:
