CISO As A Service (vCISO, Virtual CISO, Fractional CISO)
SearchSecurity, September 3rd, 2020
September 13, 2020,
Volume 270, Issue 2

A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. By hiring a third-party provider to manage its security program remotely, an organization gains access to staff and resources that it doesn't have in-house, and can better keep up with information security and compliance demands.

"CISOaaS is often paid for on a subscription or per-use basis," notes Margaret Rouse in SearchSecurity, "like many XaaS models. Also, like many XaaS models, CISOaaS offerings may be entirely remote, or may be a hybrid model in which the provider's experts work with an organization's existing security team.

Having robust security leadership is important in the modern organization, as digital transformation increases an organization's overall breadth of vulnerabilities. There is also an industrywide cybersecurity skills shortage, meaning that affordable skilled security leaders are hard to find, and often bounce from organization to organization. CISOaaS provides a potential solution to this problem by providing access to cost-efficient security leadership on an as-needed basis.

CISOaaS may also be referred to as a fractional CISO or virtual CISO (vCISO). Fractional CISO is also the name of a company that provides CISOaaS offerings..."

Read More ...


Other articles in the IT News - CxO section of Volume 270, Issue 2:

See all archived articles in the IT News - CxO section.