Startups and fast-adapting enterprises are searching for efficient cybersecurity and compliance solutions to safeguard their growth, which is why outsourcing is often used either to reduce costs or to bring in expertise the company does not need permanently on staff.
We offer CISO-as-a-service (virtual Chief Information Security Officer) services, providing on-demand expertise in IT architecture, data protection and information security, helping our customers minimize risk exposure and successfully design security and IT programs from the ground up.
Together with our clients we define a new security strategy and reshape policies, procedures and operational security practices accordingly, helping both startups and established financial entities succeed during transformation in today's over-regulated world. Our work is validated by independent auditors, as our main focus is on audit management and compliance assurance against various security management and operational security standards, e.g. PCI DSS, SOC2, ISO 27001.
The Virtual CISO (Chief Information Security Officer) service is designed to make seasoned IT, data protection and cyber-security experts available to organizations in need of expertise and guidance. Our team has decades of experience building information security programs and maintaining compliance with changing frameworks and legislation, and we have a vast network of independent contractors and partners to bring in exactly the expertise needed for your project.
The business case is simple: a full-time CISO will cost an organisation approximately 10000 € per month, while a virtual CISO can achieve quite similar results for a fraction of that cost. Typical virtual engagements also tend to decrease in cost over time as the client achieves the desired compliance and grows in operational maturity.
The Virtual CISO offering is meant to be flexible to meet the needs of the individual client, but our engagements always follow the plan-do-check-act cycle, and we always start with a detailed assessment of the current environment and a sit-down with the client to define the desired outcomes and the strategy to reach them. Whether you need high-level guidance on a monthly or quarterly basis, or daily hands-on help, we will be able to provide a solution for you.
A typical service agreement consists of a baseline monthly cost for defined activities, 10-80 hours of guaranteed expert time per month at a discounted rate, and agreed-upon hourly rates for ad-hoc needs on top of that, allowing the client to get the desired results at low cost while still assuring that help will be available when needed.
Typical objectives of virtual CISO engagements include:
Information security leadership and guidance;
Steering committee leadership or participation, and organisation of the required regular activities;
Security & compliance program management;
Policies and procedures development and maintenance;
Incident Response, Disaster Recovery and Business Continuity planning and participation in IR/DR/BCP testing and execution;
Security awareness training program creation and implementation;
Audit activities needed for the particular case - security assessments, vulnerability assessments and penetration testing;
Risk management program creation and participation in risk management activities;
Vendor management and due diligence activities.
In 2019 Q1-Q2 we worked with a rapidly growing US-LV localisation software startup to achieve SOC2 certification by helping them document and update internal controls, policies and procedures, assuring that Lokalise securely manages and protects client data.
NS Advisory worked with our team for half a year in reviewing and updating our operational and security practices in view of the SOC2 requirements. As a result, we were successfully certified as a SOC2 Type2 compliant SaaS product expanding our target market to a large number of compliance- and cybersecurity-aware US and global businesses, besides assuring Lokalise's own business security, reliability, and sustainability.
Nick Ustinov, CEO/CTO @ Lokalise
In 2019 Q4 - 2020 Q2 we assisted one of the local fin-tech leaders in preparing and executing their annual PCI DSS assessment, including a review of information security management policies and procedures, audit project management, and consultancy on cyber-security, GDPR and best practices in security management. Additionally, we assisted the client with the annual company-wide risk assessment and the execution of the security awareness training program.
NS Advisory were proactive, responsive and easy to work with, and willing to go the extra mile to keep everyone involved in the audit project informed about project status and what's coming up. NS Advisory's assistance in our annual PCI DSS audit helped us to meet deadlines and move our compliance program forward.
Andrejs Bosko, Member of Board, Head of Compliance @ Transact Pro
In 2019 Q3 - 2020 Q2 we worked with Colorado National Bank (now Transact Bank N.A.), assisting them during a business model change, advising on IT security architecture and helping to prepare the infrastructure for a rapidly changing risk landscape. We provided PCI DSS related compliance advisory as well as consultancy on cyber-security related topics. We also assisted with practical cyber-security control improvements and with the implementation and maintenance of security-related tools (IDS, vulnerability management, network and application vulnerability scanning).
NS Advisory has worked with Transact Bank on a variety of projects necessary for the bank to implement its transition to merchant acquiring and payment processing. We have found them to be very knowledgeable in the areas for which NS Advisory was retained, professional in their interactions with bank employees, and willing to accommodate the bank as changes in the project or assigned tasks were needed. I would not hesitate to recommend NS Advisory to other companies.
John Sprengle, Chief Operating Officer @ Transact Bank, National Association