FISO – Flying Information Security Officer
The FISO, or Flying Information Security Officer, expert advisory service brings flexible and independent expertise to any organisation that wants to address today's IT risks efficiently and within its available budget and context.
The Flying Information Security Officer is an experienced security professional with technical expertise who is trained to think in terms of risk through the eyes of the business.
Today every organisation, big and small, is targeted by hackers. Many small to mid-size organisations have neither the need nor the resources to invest in a full-time Chief Information Security Officer (CISO). As a consequence they may be leaving unaddressed some important risks that could significantly impact their business. An experienced information security expert can, however, bring a lot of added value to such organisations in just a few hours or days a month. The Krinos FISO is born.
Flexible and independent expertise optimized for your needs
The FISO can help with a wide range of topics, including: conducting business risk assessments and defining quick wins, defining or improving the information security strategy, auditing the work done by your IT supplier, giving security advice on current and future IT projects, organising cyber security awareness programmes, and advising the board on the highest risks that should be addressed first.
Together with the organisation, the FISO defines a structured agenda with objectives for the coming year. The FISO can work both onsite and remotely, including remotely for urgent requests.
The 20 Critical Security Controls
Traditional compliance-based security is failing. If you believe your organisation is safe because it successfully passed an ISO 2700x or other security standard audit, the future will prove you wrong. Cyber-resilient organisations embrace the reality that their organisation is already hacked and start focusing on hunting down the malicious elements that are already inside. These organisations invest in real security that can be automated and measured. The best starting point in today's extensive landscape of frameworks and best practices is the 20 Critical Security Controls. The 20 CSC are free and available here: https://www.cisecurity.org/
The 20 CSC focus on the most fundamental and valuable actions that every organisation should take to defend against today's cyber threats.
The 20 Critical Security Controls are a relatively small, prioritized, well-vetted and supported set of security actions that organisations big and small can take to assess and improve their current security state. They are unique because they don't only tell you what to do but also how to do it: each control describes objective validation tests that allow you to measure whether the control has been successfully implemented.
Assess, define and measure the cyber strategy
As an independent cyber security partner, Krinos can guide organisations in defining a cyber security strategy and can follow up the practical implementation of that strategy. Based on objective criteria we score each of the 20 controls and assess the current security posture of your organisation. From that assessment we define an action plan with quick wins. Depending on your industry and the size of the organisation, we further prioritize the 20 controls against your budget and operational risks. Once a control has been implemented, Krinos can organise verification tests to measure and validate the effectiveness of the control.