CISO Advisory

A Virtual CISO for Innovative Technology and Cloud Service Providers


Our Proven Approach

Chief Information Security Officer (CISO) advisory services help businesses develop, mature, and manage cybersecurity programs that guard sensitive information, strengthen brand reputation, and differentiate products.

Partnering with BARR gives you access to a team of skilled security professionals who serve as a virtual CISO (vCISO), helping you build and maintain a program that is flexible and adaptive to the needs of its stakeholders. Our proven approach consists of three phases designed to build and optimize a cybersecurity program customized to your business needs.

How It Works


Phase 1: Gap Assessment

We believe in determining the why before proposing the how, and that careful planning and thorough identification of gaps are imperative to achieve your security objectives.


Phase 2: Remediation

We provide a roadmap to successful remediation, turning what were gaps in your security program into competitive advantages.


Phase 3: Continuous Management

With the continuous support of a virtual CISO, you gain a valuable strategic asset. We weave security and compliance into the DNA of your organization, differentiating you from your competition.

Phase 1: Gap Assessment
1-2 Months
Connect & Determine Scope
  • Team introductions
  • Kickoff meeting
  • Determine scope, including assessment criteria
Assess the Client
  • Walkthroughs and interviews
  • Document reviews
  • System observation and inspection
Prepare & Finalize Deliverables
  • Prioritized gaps and recommendations
  • Initial set of controls
  • High-level scope definition
Debrief
  • Present deliverables to client
  • Communicate Phase 2 budget
Phase 2: Remediation
1-3 Months
Establish Security Committee
  • Form a security team
  • Document team members’ responsibilities
Project Management
  • Ensure all gaps and recommendations progress toward remediation
Phase 2 Deliverables
  • Security team documents
  • Information security policies and procedures
  • Final set of controls mapped to in-scope framework
Determine Phase 3 Approach
  • Define security plan
  • Roadmap for a sustainable long- and short-term information security management program
  • Communicate Phase 3 budget estimates
Phase 3: Continuous Management
Ongoing
CISO Advisory services:
  • Customer compliance questionnaires
  • Risk assessments
  • Vendor evaluations
  • Internal audits
  • Security awareness training
  • Penetration tests
  • Reviews and updates of policies and procedures
  • InfoSec KPIs

Not only do we give you the tools you need for a successful cybersecurity program, we help you execute. Explore our services available to you as part of Phase 3: Continuous Management:

Risk Assessment

BARR offers a comprehensive risk assessment service that is designed to identify, quantify, and manage security risk. A thorough risk assessment can help you identify where you need to shore up your security controls to mitigate internal and external risk factors.

Policy & Procedure Documentation

Any successful security program will include a set of policies and procedures. We’ll provide consultation resulting in a customized set of policies and procedures that are both understood and followed by all members of your organization.

Security Project Management

Project management is essential to the successful execution of any cybersecurity program. Why? Because without it, cybersecurity projects are left ill-defined, underfunded, and past due. The BARR Advisory team helps you manage scope, schedule, and cost of cybersecurity initiatives.

Security Questionnaire Responses

When your customers send security questionnaires, you want to be ready with responses that will put them at ease knowing their data is safe with you. BARR formulates those responses and offers direct communication with your customers to help resolve any concerns they may have, leaving them feeling confident in choosing your product or service.

Internal Audit Service

Our team of experienced consultants works with your unique business needs to develop or enhance your internal audit function: identifying shortcomings in your internal controls, testing those controls, and providing actionable next steps. We perform audits against frameworks including SOC 2, NIST CSF, ISO 27001, the CIS Controls, and more.

Vendor Assessment

How can you engage third-party vendors while minimizing the worry that they may not live up to your own security standards? We help you pinpoint the vendors that present the highest level of risk using a standardized, risk-based approach. Once they are identified, we offer simple steps to protect you from the risks associated with using third-party services.

Mappings to Other Frameworks—Test Once, Use Many

The BARR Advisory team will assist you in identifying the systems and controls within your security program, and will map those controls to multiple standards including SOC 2, ISO 27001, NIST CSF, CSA STAR, HITRUST, NYDFS, the 18 CIS Controls, and more.

Virtual CISO Support

BARR Advisory offers ongoing support as a virtual CISO, providing transparency on your cybersecurity program to your board, executive team, and other stakeholders. We are your strategic asset to weave security and compliance into the DNA of your organization and differentiate you from your competition.

BARR knows security best practices, which is really helpful in going through the audit process. Being able to look at issues through the eyes of an auditor and having the ability to make impactful minor adjustments to meet controls is something we needed.

Ceros

Benefits of a Virtual CISO

  • Significant reduction in cost compared to a full-time CISO
  • An independent perspective, free of internal conflicts of interest
  • Limited turnover means continuity for your business
  • Industry expertise necessary to make sound security decisions
  • Services are flexible and scalable on short notice
  • Readily available resources at your disposal

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.


Case Studies and Resources

cyBARR Chats Episode 18: Everything You Need to Know About Social Engineering

Video. In light of the recent security breach at Uber, Senior CISO Consultant Larry Kinkaid explains what social engineering is, how it works, and how organizations can work to prevent it...

Everything You Need to Know About Social Engineering


Uber is the latest prominent company to have a security breach as a result of social engineering. They’re not alone—just this year, Microsoft, Okta, and Cisco have all had security…

cyBARR Chats Episode 17: ISO 27701

Video. Director of Cyber Risk Advisory Angela Redmond explains what ISO 27701 is, why organizations might need it, and how BARR's step-by-step approach to certification simplifies the process. Transcript Claire McKenna:...

‘See Yourself in Cyber’—National Cybersecurity Awareness Month Focuses on the Human Aspect of Cybersecurity


We’ve reached the month of October, which means it’s National Cybersecurity Awareness Month (NCSAM). For 19 years, the NCSAM campaign has served to empower people and organizations to protect themselves…