Every business is vulnerable. Every business will at one point have a disaster situation, a cyber-breach or both. When these occur, depending on your level of preparation & response ability, the costs can hurt your business or even put you out of business.

Make no mistake about it – every company either has or will experience a security breach or some form of disaster.  With the sheer volume of threats and attacks, prevention is essential. But no matter how much prevention you do, you must also be ready to detect and respond to an inevitable intrusion, breach or interruption in your technology and your business.

Virtual Chief Information Security Officer

Large companies have a team of resources, usually under the leadership of a Chief Information Security Officer (CISO).  The best CISO has both technical and business experience. They know that business processes and practices are as important as technical issues.  They keep up to date on a wide variety of standards, of new threats and best practices. Their team operates under their leadership to implement and manage a proper security program.   On a full time basis, only the largest companies can afford this.

Many companies have taken advantage of a “virtual CISO” – a highly trained, highly experienced executive who can provide expert advice to management and who can bring a team of resources to assess and address issues that affect security and risk.  This is the same resource as you would find in a large company, but in this case, the “virtual resource” operates on an “as needed” model. In addition, there are commonalities in security so although it’s not a “cookie cutter” there are aspects of security which are common to many companies.  The virtual CISO and their team know how to do this quickly and efficiently. The result is that even a relatively small company can afford the type of security operation that they need – at a price they can afford.



Recent legislative changes require every company to have proper privacy and security practices in place.  Without these, they will face potential fines or other actions by governments. Canada’s privacy laws are being updated to put in a series of clear regulations and fines for non-compliance.  Companies that do business outside of Canada must also comply with other jurisdictions – European (GDPR) and even state legislation from the US.


Even if you are a relatively small company and think you can fly under the radar, you will soon see your customers demanding that you prove you are in compliance, especially if your customers are medium or large sized businesses.  Likewise, you may find that you are liable for ensuring that your partners and even suppliers have adequate security and risk processes – and that they practice these.


Cyber Attacks Become a Business


Cyber-attacks are no longer done by thrill seekers although they are out there, pounding your firewall and trying to hack your systems.  But increasingly, cyber-crime has become a multi-billion-dollar business and it is growing. Companies of all sizes have found the are targets of a wide variety of attacks.  Fraud, ransom of data or even just insider attacks from disgruntled or careless employees – the attack horizon keeps growing.


No company is exempt


As the cyber-crime business grows at double digit rates, companies that were not traditional targets have found that they are now under attack.  New cyber-crime “products” make them profitable. They are relatively easy to breach compared to the large companies that have huge security programs and resources.   And they are a gateway to the larger companies if that’s the cyber-crime business model.

The Answer? A Virtual CISO and Security Team

Security takes continual management – it’s not a one-time thing.  
It takes tools and resources. And it needs someone to advise, lead, plan, implement, test and continually update.

Our Virtual CISO Offering

We have one of the leading security professionals in Canada heading our program.  He is one of the pioneers of the virtual CISO and we provide this service for a range of companies.   With him comes a talented and experienced team to help implement and manage security on an ongoing basis.

The virtual CISO offering will help to ensure that you are not only technically compliant, but that you have the policies and practices to establish your security readiness when a client or regulator comes knocking.   It will also help to ensure that when a security breach or disaster does happen that you know exactly how to react and can do so quickly, efficiently and within the requirements legal and regulatory frameworks.

Protect your Business with a Virtual CSO

Security and Privacy Review and Remediation

We have a number of security and privacy standards reviews which we conduct for businesses to ensure that they have the proper frameworks, policies, procedures and management oversight/governance in place to prevent and mitigate security and privacy issues.  In each case we benchmark against the most relevant aspects of standards and legislation. In keeping with our practical approach, we work with you to ensure that you understand the risk/reward and are not developing or paying for unnecessary practices.

Some of the typical review and remediations that we do include:

  • Governance Policy and Procedures – reviewing your security against established standards, in this case ISO27002 which is the “gold standard” for this area.
  • Privacy Assessment – we measure you against the new the European GDPR standards which are the best in the world and modify these to fit the new Canadian PIPEDA standards.
  • Information Security Network Architecture – we review your corporate network architecture against NIST standards.
  • Breach Response – we help you develop and implement a CyberSecurity Breach Response plan which is essential to compliance with PIPEDA and GDPR regulations.
  • Cryptographic Controls Assessment – for companies with the need to secure intellectual property we assess the controls and processes for discovery, creation, renewal and revocation for internal and external systems.
  • Cloud Access Security Advisory – assessing the risks associated with the cloud providers that your company is using along with remediation recommendations specific to each.
  • Privileged Access Management Assessment – a review specific to those accounts that have wide ranging or administrative access whether internal or external (e.g. third-party vendor access).  

know exactly how to react and do so quickly

The expertise to prevent or recover from cyber-attacks, risks and security breaches that can destroy your operation or reputation.