In recent years, the task of safeguarding businesses against cyber threats and ensuring compliance with security standards has become increasingly challenging. Unlike larger corporations that typically employ Chief Information Security Officers (CISOs) for handling such issues, smaller businesses often lack this dedicated role due to either a perceived lack of necessity or budget constraints.
The growing difficulty in justifying the absence of a CISO has led many businesses without one to adopt a virtual CISO (vCISO) model. Also known as fractional CISO or CISO-as-a-service, a vCISO is typically an outsourced security expert working part-time to assist businesses in securing their infrastructure, data, personnel, and customers. Depending on the company’s requirements, vCISOs can operate on-site or remotely, providing both short-term and long-term solutions.
Various factors contribute to the increasing adoption of vCISOs. It may be prompted by internal crises such as the unexpected resignation of a CISO, the need to comply with new regulations, or adherence to cybersecurity frameworks like NIST’s Cybersecurity Framework 2.0 expected in 2024. Additionally, board members accustomed to CISO briefings may request the engagement of a vCISO.
Russell Eubanks, a vCISO and faculty member at IANS Research, emphasizes the importance of flexibility in vCISO engagements, tailoring the delivery model to match the specific needs of a company, w
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: