Backbone's CISO On-Demand service is the 'just right' solution for mid-size clients that cannot afford or do not have the need for a full time CISO. This service provides companies with a highly experienced and certified security professional that can be either onsite or offsite to lead and drive IT security efforts. Backbone's CISO On-Demand service include the following activities:
Information Security Program: Backbone can help organizations create an effective information security program tailored to the organization size, industry and regulatory requirements. We can also analyze the effectiveness of the current security program and provide recommendations for improving an organizations risk posture.
Third-Party Representation: Backbone can respond to customers, vendors, regulators and other third-party inquiries regarding information security posture and risk mitigation practices.
Compliance Requirements: Backbone can design an information security strategy to meet the organization's information security compliance requirements such as PCI DSS, HIPAA, SOX, FFIEC, FDCIA, NIST-800, FISMA, FIPS, Red Flag Rule, GLBA, ISO27001, COBIT, FERPA, State and Federal Privacy Laws.
Industry Best Practices: Backbone provides a comprehensive solution that addresses information security industry best practices such as:
• Board advisory and executive reporting
• IT security policies development and review
• Security awareness program
• Incident response process
• IT risk mitigation techniques
• Third-party security evaluations
• SSAE16 SOC1, SOC2 and SOC3 advisory
• Audit remediation activities
Backbone's CISO On-Demand service can assist mid-size organizations with their information security governance and help to implement technical controls to safeguard their information assets. Our CISO On-Demand service can also help organizations meet regulatory requirements, including federal and state data privacy laws.