KEY SERVICES

CISO Advisory Services 

Executive Advisors Group offers a range of CISO advisory services including:

• vCISO or Fractional CISO - Ideal for organizations that need either structured oversight over their security programs or the occasional ad hoc discussion on security, governance, and risk topics with security staff, executive leadership teams, or the board of directors.  
• Interim CISO - Ideal for organizations that are backfilling their CISO role and need an interim CISO to oversee the security program until the ideal candidate is selected and on-boarded. EAG can assist with the selection process and help interview prospective candidates for their technical and cultural fit with the organization. 
• Project Focused - Ideal for organizations that have specific security projects that require CISO level executive focus and support. 
• Security Program Target Operating Model - Ideal for organizations that are looking to formalize their target operating model for their security program including analysis related to security budgets, security capabilities, in-sourcing & outsourcing of security functions, and regulatory requirements. 

Security programs are under near constant scrutiny. As a consequence, capabilities and readiness assessments offer quick insight as to whether the security program is aligned to organizational objectives and priorities. Key assessments include the following:

• SOC 2  
• CMMC  
• ISO 27001  
• NIST Cybersecurity Framework (CSF)
• FedRAMP
• Security Program Assessment 
• Security Capabilities Assessment 
• Regulatory Reviews 
• HIPAA Security Rule Assessment 
• HIPAA Privacy Rule Assessment 
• Business Impact Analyses 

The security applications and tooling used to protect our organizations must keep pace with adversarial capabilities. Accordingly, Executive Advisors Group provides requirements analyses, current capabilities assessments, and strategic sourcing for security and governance services and tooling. 

Executive Advisors Group can work with system integrators and VARs to facilitate strategic account planning, presales support, and corporate messaging for targeted audiences. Specific services include:

• Support of client due diligence inquiries 
• Facilitating client dinners & client events
• Participation with client discovery sessions
• Quality reviews of service documents
• General executive advisory services

Incident response programs and their effectiveness are integral to overall security program design. Executive Advisors Group helps organizations evaluate the effectiveness of their incident response programs via the following services:

• Incident response plan review or development 
• Evaluation of incident response runbooks for common scenarios
• Incident response workshops for key organizational stakeholders
• Incident response tabletop exercises 
• Strategic sourcing for forensics and technical support 

Security programs, to be effective, should be aligned to the organization's strategy and initiatives. Executive Advisors Group can facilitate the development of a comprehensive security program strategy and the associated target operating model that addresses key factors including:

• Requisite security controls
• Staffing levels and required competencies
• Security budgeting 
• Vendor and tool rationalization
• Evaluation of in-sourcing, co-sourcing, and out-sourcing pros and cons 

Developing security policies and their corresponding security procedures are foundational to security programs. Executive Advisors Group offers the following services:

• Security policy review or development
• Standards and/or regulatory review of policies for adequacy and completeness
• Security procedure review or development including identification of key roles & responsibilities, requisite systems or tooling, evidencing procedural effectiveness, and required resources

Vendors can frequently represent under-triaged risks for organizations. Accordingly, Executive Advisors Group helps organizations evaluate the security and privacy risks associated with current vendors and suppliers while also offering support to build out risk-aligned vendor management programs. 

Privacy Impact Analyses are integral to privacy programs. Executive Advisors Group's PIA evaluates a number of key privacy risks to help inform good privacy governance practices. Key topics assessed include:

• In-scope regulations and contractual obligations
• Key privacy principles
• Identification of privacy rights 
• Privacy lifecycle 
• Awareness & training
• Privacy notices & disclosures
• Vendor risks
• Reasonable Security practices

Privacy regulations require organizations to implement a number of controls and procedures. Executive Advisors Group can facilitate regulatory reviews and the documentation required to ensure compliance. 

Vendors can frequently represent under-triaged risks for organizations. Accordingly, Executive Advisors Group helps organizations evaluate the security and privacy risks associated with current vendors and suppliers while also offering support to build out risk-aligned vendor management programs.