The virtual CISO could be an option that provides executive leadership qualities, security program deliverables, and oversight.
- Gartner
- Gartner
Virtual Cyber Security Office (vCSO)


Why Organizations Need Virtual CSO
You share many of the complexities and risks of larger firms but with fewer resources. Keeping up with accelerating threats and executing best practices in technology, process, personnel, and policies requires a hard-to-find executive with a team of specialized experts that are unaffordable as full-time hires. vCSO gives you on-demand access to seasoned executives and specialists.Virtual CSO Benefits
Our seasoned executives and subject matter experts provide what you need at a fraction of the cost of employing such personnel full-time. They ensure that you make the most of your lean resources, steering you away from over-hyped, under-performing offerings, for example.How Virtual CSO Serves Organizations
We assess your needs, develop a roadmap to achieve best practices, help implement your security program, craft metrics that monitor its value, and periodically test everything. We work with you as to how best to use your allocated hours per month.Where You Need Us, When You Need Us
- Briefing your board
- Guiding your governance team
- Optimizing budget plans
- Reporting at staff meetings
- Responding to regulators
- Evaluating security products
- Conducting assessments
- Remediating security holes
- Leading incident responses
- Briefing your board
- Guiding your governance team
- Optimizing budget plans
- Reporting at staff meetings
- Responding to regulators
- Evaluating security products
- Conducting assessments
- Remediating security holes
- Leading incident responses
Tangible Security's vCSO service provides:
- Security program assessment
- Security program roadmap planning
- Independent and objective view of risk, compliance and security posture
- Experienced senior security manager; avoids costly mistakes
- C-level presentation skills on current and future cyber security initiatives
- Virtual attendance to meetings, physical attendance as required
- Cybersecurity interface with regulators, banks, partners and customers
- Evaluation and recommendation of security products & technologies
- Governance, Risk Management & Compliance (GRC) program oversight
- Assistance with development and maintenance of:
- Cybersecurity policies, processes and controls
- Business Continuity and Disaster Recovery plans
- Security Awareness Training program for employees
- Third-party vendor security compliance program
- Coordination of security breach and incident investigations
- Cybersecurity compliance expertise with:
- Health Insurance Portability & Accountability Act (HIPAA / HITECH)
- Sarbanes-Oxley Act (SOX)
- Payment Card Industry (PCI Data Security Standards)
- Gramm-Leach-Bliley Act (GLBA)
- Federal Information Security Management Act (FISMA)
- Family Educational Rights and Privacy Act (FERPA)
- EU Data Privacy and Safe Harbor
- Assistance with security engineering to include secure software development or any company project that may require security input, for example,
- Network changes, mergers, system upgrades, web site changes, etc.
- Access to secure client portal, including:
- Latest security news
- Recommendations & best practices
- Support ticket entry and tracking