Commissum

Chief Information Security Officer (CISO) Outsourcing


Commissum’s Chief Information Security Officer offers expert information security recommendations.

A Chief Information Security Officer (CISO) plays a key role in the management of an organisation’s information security profile, particularly in the light of the ever-increasing number of information security-related regulations that organisations large and small are expected to comply with.

The role of the CISO is complex. It requires considerable experience, both business and technical, to be successful in balancing business risk with environmental and financial objectives, while taking into consideration business constraints and organisational culture.

Today’s extended enterprise includes clients, suppliers, outsourcing partners, stakeholders and joint ventures. Together these form a complex matrix of operational, cultural, legislative and reputational risks.

Often the ability to demonstrable compliance with the Data Protection Act and ISO 27001 becomes a requirement to join a project or bid for work. Only the largest organisations have the resources for these challenges.

Mid-market and SME organisations, however, are frequently unable to dedicate in-house resources to address their information security challenges. They either do nothing, or implement point control in a way that is less than coherent and bypasses strategic thought. Co-opting a junior or inexperienced employee to fill the CISO role often proves worse than doing nothing at all.

Commissum’s outsourced CISO offering avoids this problem by providing a highly experienced CISO with relevant qualifications, such as ISACA’s Certified Information Security Manager (CISM) or CGEIT (Certified in the Governance of Enterprise IT), to help your business to do the following:

  • Meet globally accepted best practices
  • Develop a robust and reliable Information Security Management System (ISMS)
  • Optimise technology
  • Maximise return on investment
  • Maintain compliance
  • Develop a security culture
  • Provide technical expertise using the knowledge of our consulting pool, or by themselves becoming a consultant for an appropriate task
  • Provide intellectual leadership and advice to senior management and the Board
  • Identify, analyse and communicate security-related risks
  • Develop a sustainable security strategy

Each organisation’s requirements are unique. An hour is spent delineating the current state of your information security with an expert Commissum consultant at no charge.

The Commissum consultant will then define a set of potential high-level objectives and functions that act as input for a (chargeable) half-day workshop at the client’s premises, where these objectives will be tabled for discussion by the relevant stakeholders, and a final list of objectives will be agreed.

The output of this workshop will be a remedial roadmap, compiled by the consultant and delivered to the client, which will encompass the objectives agreed in the workshop.

Customer Benefits

  • Best possible ROI for your information security budget
  • Compliance with relevant legal and regulatory requirements
  • Robust and best practice approach to information security management
  • Sustainability of your ISMS in the future