Our services offer skilled capacity to your business:

  • IT Operational and Security Risk Management
  • Virtual CISO services
  • Crisis Management Exercises
  • Supplier Security Reviews

IT Operational and Security Risk Management

Is Information Security important to you? Would you like to better understand these risks and how to address them? We have a holistic approach to help you continuously identify and close IT and Information Security Control gaps.


What we do for you

Lacuna Securities can be your one-stop-shop to guide, assess, control, test, mitigate and report on your operational IT and Security Risks. We have expert resources with many years of experience in their specialised fields that, together, provide a holistic approach to fulfil your requirements.
We focus on helping companies implement and maintain practical controls to manage their operational and security risks. This includes:

  • The Information Security and IT Risk Implementation Project
    Helping your business implement a practical Information Security Risk management methodology, and identify, assess, quantify, control and report on these risks
  • The Information Security and IT Risk Monitoring
    Consulting and Technical services that help you maintain and monitor Information Security Risk Management. Also a periodic, ‘dip-in’ service to continuously review and improve control gaps and the methods to overcome these
  • The Information Security and IT Risk Audit Reviews
    An independent Information Security Audit Review to help you with your level of confidence and assurance in implemented Information Risk processes and controls

Would you like to connect with us?

Virtual CISO (Certified Information Security Officer)

Our Virtual CISO service ensures businesses have access to the right security skills and capabilities, at the right time, through an on-demand model.

Benefits to your business

  • Lower cost as you pay for the support required rather than a full-time employee
  • Ability to address market demand as you can access the capabilities quickly, reducing time and cost of attracting and retaining scarce talent
  • Improved maturity with a breadth of experience that delivers effective improvements to your security posture
  • Use of existing capability whereby current investment in expertise and technology is leveraged to enhance security.

Our Focus

The Virtual CISO service focuses on four key capabilities:

  • Strategy: Align business, information and cyber risk strategy, innovate and define roadmap. Manage risk through targeted investments
  • Threat management: Understand the threat landscape, identify critical assets and manage the effectiveness of cyber risk treatment
  • Advisory: Educate, advise and influence activities across the business, ensuring cyber risks are understood and managed effectively
  • Technology: Define and embed security standards, assess and implement security technologies to develop capabilities

This blend of capabilities ensures the Virtual CISO can successfully interact with, and influence, senior stakeholders, business owners and technologists alike. This ensures that information and cyber risks can be effectively and efficiently managed, ensuring investments are targeted appropriately to reduce business risks in line with your risk appetite.

The Engagement

The Virtual CISO service is based on two elements, the on-boarding process and the ongoing delivery.

  • On-boarding: fixed price engagement, 5 days' effort, the output of which is the service description and agreed monthly effort.
  • Monthly Service Charge: Based on client requirements, this will include a combination of onsite and remote support

Our Approach

Our Virtual CISO is delivered through a blend of on-site and remote support, including voice or video calls and email. The service is comprised of a one-off on-boarding process followed by a delivery model designed to meet your specific requirements.

Whilst some organisations may have strong technical capabilities but lack board engagement, others may require an increased focus on understanding their threat landscape or on developing technical standards.

During the on-boarding process your business strategy, regulatory and threat landscape and existing structures and capabilities are reviewed. This ensures the resulting service is tailored to your specific needs and delivers relevant business benefit by integrating with your existing capabilities. This includes the following:

  • Strategy: Reviewing business strategy, and regulatory and legislative landscape.
  • Threat Management: Reviewing business model and operations to understand the threat landscape
  • Advisory: Identifying in-flight programmes and projects that are impacted by information, cyber and privacy risks.
  • Technology: Reviewing current capabilities and their effectiveness in supporting those needs.

Once the on-boarding process is complete, the scope and objectives of the Virtual CISO will be documented in a service description. Using a fixed monthly charge and/or fixed rate you can ensure you have access to the right capabilities at the right time.


In need of bespoke Operational and Security Risk training?