Cyber Security Board Advisor
CSBA maintains a network of Chief Information Security Officers (CISO) who have functioned in the role as CISO in multiple companies, reporting to the Board of Directors, and having built and maintained enterprise-wide security programs. These experts know the ins and outs of a mature security program and offer your company an independent view of your state of security.
Industry Experts
They are experts in your industry sector and have years of experience helping Board of Directors and Executive Management teams understand the business value of strategic security program development; aimed at reducing risks at reduced costs. The CISO Advisor Service encompasses three primary components: (1) Security Assessment of program maturity, risk posture, and threat posture; (2) Cyber security mentoring of Board of Directors and/or Executive Management Team; and (3) Ad-hoc security advisory services.
Security Assessments
CISO Advisors use a proprietary assessment model to determine your company’s security program maturity, risk posture, and threat posture. After the assessment, the CISO Advisor attends the next two non-consecutive board meetings to provide a read-out on the assessment and share recommendations for focused risk reduction with the Board. Between board meetings, the CISO Advisor continues working with your company security management team to provide expert direction on risk reductions strategies agreed upon in prior board meeting.
Cyber Security Mentoring
A portion of the CISO Advisor’s time will be focused on providing cyber security mentoring to defined persons (usually CXOs or Board Committee Chairman) encompassing Board-level accountability and liability, regular cyber security reporting recommendations, and direction on tools and resources for increasing security education and awareness.
Ad-hoc Advisor Services
The CISO Advisor also remains on retainer for your company to engage for other security related items that arise; such as merger and acquisition questions, advice on the handling of a security incident, and more.