Information Risk Management

Our services offer skilled capacity to your business:

IT Operational and Security Risk Management
Virtual CISO services
Crisis Management Excercises
Supplier Security Reviews

IT Operational and Security Risk Management

Is Information Security important to you? Would you like to better understand these risks and how to address them?
We have a holistic approach to help you continuously identify and close IT and Information Security Control gaps.

What we Do for you

Lacuna Securities can be your one-stop-shop to guide, assess, control, test, mitigate and report on your operational IT and Security Risks. We have expert resources with many years of experience in their specialised fields that, together, provide a holistic approach to fulfil your requirements.

We focus on helping companies implement and maintain practical controls to manage their operational and security risks. This includes:

The Information Security and IT Risk Implementation Project
Helping your business implement a practical Information Security Risk management methodology, identify, assess, quantify, control and report on these risks
The Information Security and IT Risk Monitoring
Consulting and Technical services that help you maintain and monitor Information Security Risk Management. Also a periodic, ‘dip-in’ service that to continuously review and improve control gaps and methods to overcome these
The Information Security and IT Risk Audit Reviews
An independent Information Security Audit Review to help you with you level of confidence and assurance of implemented Information Risk processes and controls

Virtual CISO (Certified Information Security Officer)

Our Virtual CISO service ensures businesses have access to the right security skills and capabilities, at the right time, through an on-demand model.

Benefits To Your Business

Lower cost as you pay for the support required rather than a fulltime employee
Ability to address market demand as you can access the capabilities quickly, reducing time and cost of attracting and retaining scarce talent
Improved maturity with a breadth of experience that deliver effective improvements to your security posture
Use of existing capability whereby current investment in expertise and technology is leveraged to enhance security.

Our Approach

Our Virtual CISO is delivered through a blend of on-site and remote support, including voice or video calls and email. The service is comprised of a one-off on-boarding process followed by a delivery model designed to meet your specific requirements.

Whilst some organisations may have strong technical capabilities but lack board engagement, others may require an increased focus on understanding their threat landscape or on developing technical standards.

During the on-boarding process your business strategy, regulatory and threat landscape and existing structures and capabilities are reviewed. This ensures the resulting service is tailored to your specific needs and delivers relevant business benefit by integrating with your existing capabilities. This includes the following:

Strategy: Reviewing business strategy, and regulatory and legislative landscape.
Threat Management: Reviewing business model and operations to understand the threat landscape
Advisory: Identifying in-flight programmes and projects that are impacted by information, cyber and privacy risks.
Technology: Reviewing current capabilities and their effectiveness in supporting those needs.

Once the on-boarding process is complete, the scope and objectives of the Virtual CISO will be documented in a service description. Using a fixed monthly charge and/or fixed rate you can ensure you have access to the right capabilities at the right time.

Our Focus

The Virtual CISO service focuses on four key capabilities:

Strategy: Align business, information and cyber risk strategy, innovate and define roadmap. Manage risk through targeted investments
Threat management: Understand the threat landscape, identify critical assets and manage the effectiveness of cyber risk treatment
Advisory: Educate, advise and influence activities across the business, ensuring cyber risks are understood and managed effectively
Technology: Define and embed security standards, assess and implement security technologies to develop capabilities

This blend of capabilities ensures the Virtual CISO can successfully interact with, and influence, senior stakeholders, business owners and technologists alike. This ensures that information and cyber risks can be effectively and efficiently managed, ensuring investments are targeted appropriately to reduce business risks in line with your risk appetite.

Information Risk Management

IT Operational and Security Risk Management

What we Do for you

Virtual CISO (Certified Information Security Officer)

Benefits To Your Business

The Engagement

Our Approach

Our Focus

2023 Lacuna Securities Ltd

Privacy Policy

Terms and Conditions

Suite 7, 14 Chertsey Road, Woking, Surrey, GU21 5AH

office@lacunasec.com

Information Risk Management

IT Operational and Security Risk Management

What we Do for you

​

Virtual CISO (Certified Information Security Officer)

Benefits To Your Business