Accomplish Your Goals with Outsourced Expertise.
Reduce the cost of hiring a full-time CISO, Chief Risk Officer, or other senior privacy and compliance experts. Gain instant and relevant experience, address critical requirements, and achieve efficiencies.
Centralize, track, manage and report on your program activities in the P2RI™ Platform. Leverage tailored program templates, playbooks, runbooks, and instructions, guided and facilitated by your Fractional CISO.
Bolster your organization’s cyber risk strategy, guide your roadmap design, and implement your security risk and compliance program with Fellsway Group’s Fractional CISO solution.
How We Help
Fractional CISO services are sized to meet your needs. The number of recommended retained hours per month is based on your current environment, goals, objectives, requirements, and timelines.
Fellsway Group’s Fractional CISO offering includes:
1. Program & Policies – Review, refresh and develop Cyber Risk Program Policies. Ensure they are right-sized to the organization, aligned to your goals and objectives, and understood and acknowledged by your employees.
2. Awareness & Training – Enable role-specific training to elevate the organization’s skills and raise awareness of everyone’s responsibilities.
3. Operational Processes – Design and document processes to fortify change, problem and incident management, including incident handling and escalation. Assure proper provisioning and deprovisioning of access to critical applications and systems. Assure proper security processes (e.g., patching, monitoring, malware protection, architecture, metrics).
4. Crisis Management & Incident Response – Establish, assign, and practice crisis management and incident response activities to ensure ongoing business resiliency. Develop a Crisis Management Playbook and Common Incident Runbooks (Ransomware & Malware), and facilitate Table-Top Exercises. Facilitate cyber crisis management, incident handling, and incident response as needed.
5. Contingency Planning – Document data flows, analyze business impact, document recovery requirements, and test resiliency against cyber and other threat scenarios. Review backup processes. Update or develop the Business Continuity Policy and Plan. Facilitate Disaster & Continuance Scenario Table-Top Exercises.
6. Continuous Business Context Alignment – Identify stakeholders for each critical business process linked to revenue, objectives, suppliers, and other customer-focused value streams. Provide insight and visibility into external factors (threat landscape). Facilitate communication across the organization.
7. Governance & Compliance – Monitor regulatory changes, streamline ownership, accountability, and activities to continuously comply with internal and external risk and compliance factors via Readiness Assessments against required compliance standard(s).
8. Digital Asset Management – Inventory and correlate assets to critical business processes to make risk decisions linked to business priorities.
9. Risk Management – Identify risks and define the business’s risk tolerance to baseline, measure and manage risk decisions. Align to or develop Risk Committee guidelines. Build and manage the Risk Register and Risk Scoring. Oversee the Third Party Risk Management Program.
10. Controls Framework – Align security controls to business context and priorities, benchmark against relevant framework best practices (CIS Controls, NIST, ISO) and harmonize control sets across compliance mandates.
Additional Activities – Conduct assessments per audit requirements. Evaluate results from penetration tests, vulnerability scans, or control assessments. Conduct budget and resource mapping. Provide operational security program oversight, board-level reporting, and other general subject matter expertise as required.