Taken from a Facebook Live video July 26th (hence the lower video quality), Greg explains why the Virtual CISO Minute is now the Virtual CISO Moment,  talks about possible future use of the Facebook Live channel to help small and midsized businesses with information security topics, and invites current vCISOs or those interested in the space to join the Virtual CISO Exchange LinkedIn group at https://www.linkedin.com/groups/12095465/. Produced by vCISO Services, LLC. https://vcisoservices.com

There is a growing rift between the information security “haves” and “have nots,” and the threat actors know that as well. Cyber criminals increasingly target small and midsized businesses (SMBs) because they know SMBs likely do not have information security programs as robust as those large organizations have in place. Nor do they have experienced information security leadership, as the average annual cost of nearly $260,000 for a full-time CISO is out of the reach of most SMB budgets.  The Virtual CISO, or vCISO, has emerged to fill this need. While most SMBs cannot afford a full-time CISO, most also do not need one, just access to CISO expertise. Often as little as ten hours per month of a virtual CISO can bolster an SMB's information security program and posture to nearly the same level as if they had a full-time CISO on staff.  This presentation discusses why the virtual CISO has become a viable option for businesses, what to look for in a virtual CISO, and what a virtual CISO can and cannot do for your small or midsized business.

Thirty-four years ago, I worked as a porter (janitor) at a hotel in New Jersey. I took a year off between high school and college to decide where I wanted to direct my life - and to earn money for college. I promised myself that one day, when I had become successful, I would stay in that hotel. Recently it happened. I realized I learned an early lesson applicable to information security then. Watch to find out what it was.

You've heard the term, but what is a Virtual CISO, or vCISO? This week's Virtual CISO Minute explains

Compensating Controls: Is an audit exception regarding a failing primary control absolute? Maybe, maybe not. The risk may be mitigated by other methods - compensating controls.

The Nashville Technology Council's Veterans Peer Group helps veterans land civilian jobs and enhance their careers in IT and information security in the Nashville/Middle Tennessee region. SMBs should look to a veteran when trying to fill these positions.

Quantitative risk assessments and how they can help your SMB's information security posture.

Qualitative risk assessments - the ones that produce those "heat maps" with the red (high risk), yellow (medium risk) and green (low risk) are a standard method for communicating information security risk. But they have limitations.

Information security risk assessments - why are they important?

SOC1, SOC2, what do they mean for your small business?  Find out in this week's installment of The vCISO Minute.