Security is a process, a state of preparedness, not a product.
Because physical and information security don't drive earnings or revenue growth, security wasn't a hot topic among top executives and business owners -- until recently, that is.
In a time of widespread corporate layoffs, new data-protection laws and growing threats from debilitating computer viruses, hackers, fraud, and terrorists, the vulnerability of a company to potential security breaches has never been more real. For small, medium, and large organizations alike, security planning has become a top priority.
All of us have been made painfully aware of an urgent need to assess and upgrade the security protecting our information systems, and to protect the privacy and physical security of our workplaces. As a key step in achieving those goals, large companies are establishing a new executive-level position, that of the chief security officer (CSO). Small and medium-sized businesses, faced with practical budget realities, are opting to outsource their efforts to security consulting practices and managed security service providers.
Companies are elevating the security officer job to C-level status because the risks to data and people have multiplied in complexity within just a few years. Those companies appointing CSOs have decided that security is too complex and serious an issue to be managed by already-overburdened CIOs.
It takes a uniquely skilled individual to manage comprehensive security, someone who has credible knowledge of the business as well as a good technical grasp of the issues.
Understanding The CSO Role:
The role of the chief security officer is to safeguard the confidential information, assets and intellectual property that belong to the company. The scope primarily involves computer security but also covers physical security as it relates to the safeguarding of information and assets.
Security is a very broad discipline including several essential areas:
- vulnerability assessment and risk management;
- access control systems and methodology;
- telecommunications and network security;
- security management practices;
- applications and systems development security;
- cryptography;
- security architecture and models;
- operations security;
- business continuity planning and disaster recovery planning;
- law, investigations and ethics;
- and physical security.
The core responsibility of the CSO will be vulnerability assessment and risk management. It is in the company's best interest to have the CSO perceived as an impartial assessor of the technology environment instead of a possible rubber stamp.
The AXiXA CSO Service:
This subscription-style service provides our clients with a part-time CSO - an experienced IT professional and manager, adept with a range of security concepts, processes, methodologies and technologies.
Your AXiXA CSO will begin with a Discovery session, to carefully understand your current business processes, goals, and practical realities.
Following Discovery, your AXiXA CSO will execute a comprehensive Audit and Vulnerability Assessment of the existing business environment. This will produce a security baseline detailing existing policies & procedures, physical and information security mechanisms, current vulnerabilities, and a risk vs. threat assessment.
With a solid understanding of the business, and a comprehensive security baseline in hand, your AXiXA CSO will develop an overall Security Strategy and detailed Security Plan for your business. These will be evolved on a quarterly basis, or as needed, to ensure they keep pace with your business.