You are here

The Pros and Cons of Hiring a vCISO

March 31, 2020 @ 2:00pm

Data security is a topic that’s widely debated and discussed, yet managed and implemented inconsistently across organizations. On one end of the spectrum, the management and protection of critical data assets is left to IT to figure out. IT department resources are often technically proficient, but lack the regulatory and business-based knowledge necessary to take proactive measures. On the other end of the spectrum, organizations designate security officials who manage data security from a strategic level. A vast majority of organizations fall somewhere in the middle. Many do not have a designated official—an Information Security Officer (ISO).

For organizations that may not want to hire a full time Chief Information Security Officer (CISO), a virtual CISO (vCISO) is a great option. With a vCISO, you get top-tier advisors with a vast depth of experience in the field, at a lower cost. The vCISO can help you define your strategic plan and then help you implement it. What makes this both effective and desirable is that you get a strategy, someone to help execute it, and the ability as the client to control the cost. That being said, there are things a vCISO won’t or can’t provide, and it’s important that you understand the pros and cons of hiring a vCISO when deciding on the service.

Key Takeways:

  • What is a vCISO?
  • Understanding the benefits and challenges of hiring a vCISO
  • What to look for when hiring a vCISO

Renee E. Broadbent, MBA, HITRUST CCSFP, CHQP - IT Assurance Senior Manager, Wolf & Company, P.C.