In response to the growing information security challenges facing organizations and the lack of global resources to help companies and their Chief Information Security Officers (CISOs) manage those challenges, Identity Management Institute has launched the CISO Hub™, a global information security resource center composed of a Security Executive Network™ (SEN) and international cybersecurity experts who help organizations meet their information security resource needs.
CISO Hub Objective
The overarching objective of the CISO Hub is to leverage the global security talent pool to support organizations and their management or the Board of Directors with information security thought leadership, resources, and solutions.
Information Security Challenges
The main challenges which prompted the establishment of the CISO Hub and the Security Executive Network are:
- Global shortages of information security experts,
- Chief Information Security Officer work overload,
- High costs of retaining information security talent,
- Increased time and skills needed for qualifying and hiring a security expert, and
- Lack of sufficient budgets or justification to hire and retain full-time security staff.
Consider the following facts about the information security landscape to better understand the need for our services:
- Cybersecurity threats and data breach incidents are on the rise,
- Smaller organizations with fewer resources are increasingly targets of cyber attacks,
- Compliance with expanding information security and privacy regulations is challenging and time consuming,
- Global shortages in security experts will continue to exist and worsen,
- It takes a long time to fill a cybersecurity position with a qualified candidate, justifying the need for interim or temporary cybersecurity experts and leaders,
- Salaries of info security professionals are rising,
- Boards need to independently validate their security posture,
- CISOs are often overloaded and overworked and require CISO augmentation,
- Some companies do not require or cannot afford a full-time security executive; hence, a part-time CISO may be warranted, and
- Special security projects related to mergers, product acquisition, research, or new vendors and offices may require one-time experts.
Examples of CISO Hub Requests
There are many reasons why organizations may consider the CISO Hub resources. For example, depending on their size, security risk profile, or budget, some organizations may not need a full-time information security resource or be able to afford one. They may need a permanent, interim, or virtual Chief Information Security Officer (CISO) on a part-time or even one-time basis. Other organizations may just need a resource for a special project.
Below are some examples of client requests:
Scenario 1 – We need a part-time CISO to be the point of contact for all security-related matters, interacting with internal and external entities. We need a CISO on the books but cannot afford a full-time one.
Scenario 2 – We need a full-time CISO to manage our program, policies, and staff. The position can be virtual but onsite as needed.
Scenario 3 – We have a short-term special project that we need to outsource.
CISO Hub Advantages
CISO Hub provides options and flexibility to help companies engage cybersecurity talent for placement, advisory, or security projects. Below are some of the advantages of using the CISO Hub for all your information security resource and project needs:
- Free evaluation. Our experts offer free evaluation of the client needs to define the project scope,
- International network. Our experts are globally positioned for quick deployment,
- Free vetting. We vet our resources and match the best resource for the project,
- No obligation until assignment is accepted,
- Temporary, full-time, virtual, or onsite flexibility, and
- Shared low-cost resources. Experts may be assigned to multiple part-time projects to lower costs.
Companies and their teams submit a request for resources. We review the request and fine-tune the requisition with the requestor. Then we identify the most appropriate talent for the job. Project oversight may be handled by the client or assigned to another experienced CISO Hub member.
Security Executive Network Resources
Most organizations need some kind of security executive leadership to foresee, explain, and help manage the risks. Chief Information Security Officer members of the Security Executive Network can support the existing security leadership or the executive management and the Board in navigating information security challenges. Other than employing a full-time CISO, there are four general circumstances which prompt organizations to engage one of the following types of CISOs:
- Interim CISO – The organization needs an interim CISO until a search for a permanent CISO is completed or prefers to outsource the CISO function to a contractor.
- Part-Time CISO – The organization may not need or be able to afford a full-time CISO and thus prefers a part-time CISO instead.
- One-Time CISO – The organization may need a CISO for a special project.
- CISO Augmentation – The existing CISO of an organization may need leadership support to address all pending and pressing security executive tasks.
Below is a list of services that organizations and their CISOs may consider receiving from CISO members:
- Act as the interim or part-time CISO for the organization,
- Advise the Board of Directors and executive management on security governance and related matters,
- Act as the company’s cybersecurity expert advisor and public face,
- Help with design and review of the information security architecture and program,
- Guide management with security risk management and compliance best practices,
- Double-check assumptions regarding security decisions and actions,
- Select or improve products and services based on customized research,
- Support litigation efforts with a review and analysis of policies for completeness and compliance,
- Support vendor outsourcing decisions and oversight, and
- Execute or oversee special projects and research studies.
Additional information security services may be needed by organizations and CISOs.
Information Security Expert Profile
CISO Hub professionals can submit their resumes to demonstrate up-to-date knowledge and experience in cybersecurity, and must meet the following criteria to be selected for security assignments:
- Must be ethical
- Must be independent
- Must have the appropriate and recent information security experience and active professional certification
- Must meet the engagement requirements and be dedicated to the success of client organizations
- Must maintain confidentiality at all times and sign a Non-Disclosure Agreement