ACSG Virtual CISO Consulting consists of the following services:

Governance, Risk and Compliance

  • Identifying regulatory requirements
  • Determination of the organization's inherent risk score
  • Selection of security controls according to inherent risk
  • Development and implementation of controls
  • Assessment of controls
  • Risk management strategy: identify and manage risk
  • Compensating controls and risk exceptions
  • Security control assessments based on regulatory frameworks, including NIST CSF and SP 800-53 along with the FFIEC control framework

Policy development and reviews

  • Development of corporate policies and governance strategy
  • Development of control standards and alignment of technical solutions under each control standard
  • Information security governance framework that covers adherence to policies and standards
  • Information security and privacy framework

IT Audit technologies based on regulatory frameworks: NIST, ISO, COBIT, FFIEC, FISMA, FINRA

  • IT audit and controls review
  • SOC reports (SAS 70, SOC 1, SOC 2, SOC 3 using the SSAE methodology) and internal controls review
  • SOX audit testing
  • Third-party assurance techniques using the BSIMM model (software security assessment for vendors)
  • Healthcare regulatory experience
    • HIPAA, FDA CFR Part 11, HITRUST

Privacy (EU laws, GDPR framework and mandates), including review of privacy laws and how they should be adopted

  • Data Subject Access Requests: development and review of DSARs for GDPR (information gathering, data erasure requests)
  • Data mapping
  • Treasury controls (NIST SP 800-53)
  • Performing privacy impact assessments

Technical Testing

  • Security gap assessments and compliance assessments based on CIS Benchmarks
  • Vulnerability assessment and scanning (review of vulnerability results and advice on remediation techniques)
  • Cloud security assessment (based on the CSA Cloud Controls Matrix, CCM)

Secure SDLC Techniques

  • OWASP Top 10
  • SANS Top 25
  • Security principles
  • Incorporating SDLC into development phase gates
  • Secure software testing and reviews