Ciso-as-a-service : how does it work ?

Ciso as a Service

First part : Security Assessment

Ciso-as-a-service mission and tasks : our ‘CISO As a Service’ mission will begin with the development of a cyber security strategy and a concrete work plan on security priorities. To do this, we follow these four steps:

Step 1 – Identify Risks and Omissions in Controls

Inventory and analyze controls, technical security measures or functional procedures in place to cover security risks. We usually operate based on ISO27001 controls . Other standards can be applied depending on the needs. To complete this first step, we will meet several key persons of the company.

Step 2 – Architectural Verification (1 days off site)

We look at your architecture in general, focusing on critical exposure points, network protection for your systems, and those that run the core of your business. We will also discuss the safe management of the most critical systems as listed below. This review does not replace an audit, it will provide a global view of how systems are interdependent and security governance that concerns them .

Step 3 – Report and prioritization-based threats

The real threats to your organization and your business priorities will be identified and used to perform a prioritization of actions based on risks and strategy.

Most of these actions will be translated into Quick-Win, allowing you to quickly address the point raised. These Quick-Win will be described as the report progresses, and synthesized at the end of the report, with an estimate of the workload (internal and / or external) as well as the urgency.

Accompaniment in the implementation of Quick-Win can be done within the framework of the mission Ciso As a Service, or outside this framework. In the latter case, CSM may intervene in “Time and Materials” mode or offer a package based on the report provided.

Step 4 – Design and validation of the program and the prioritized roadmap

We deliver a comprehensive security program, a strategic approach and a detailed roadmap that your team can take ownership of. The program and the roadmap will be presented to Management for their approval and official support.

2nd part: RSSI as a Service: A security consultant with a team

CSM will help you implement your safety program, accompanying you throughout it. We will help you improve your day-to-day security as well as your current and future projects. Ciso-as-a-service mission and tasks are described below.

You will have a CISO assigned, your preferred point of contact. However, when the need for very specific knowledge will be felt, your CISO can call on several specialists who make up his team. You have the advantage of having all the necessary specialists without having to search for them.

CISO – the experienced CSM security manager coordinates:

  • The execution of your security strategy, according to the deficiencies detected in the first part of the mission.
  • The answers to everyday security issues, as that of your customers.
  • A team of experts in infrastructure security, application, mobile, IoT or ICS, but also security architecture, training and security awareness, compromise assessments and incident response, provides the specialized skills needed to implement your strategy

Typical Ciso-as-a-service mission and tasks

Cyber Security


  • Establish plans and policies for the logical, physical and organizational security of the Company’s Information System in order to control risks, avoid incidents and comply with the laws in force,
  • Improve, document, contribute to drafting and implement the procedures
  • Conduct the analysis of information security risks in a pragmatic way and establish the associated recommendations and specifications,
  • Develop security prevention, crisis and recovery plans,
  • Lead the compliance of cyber security and its maintenance over time,
  • Research and propose, for arbitration, the best compromises risk / use / quality of service,
  • Lead the technological and regulatory watch in the field and evaluate the consequences,
  • Interface organizations (and working groups.


•             Advise and validate the implementation of new technical architectures and tools with respect to the observance of the security plan,

•             Conduct or have performed audits, tests or security checks of the existing, supervise and carry out action plans for continuous improvement,

•             In case of crisis, ensure real-time analysis, check plan follow-up and propose solutions,

•             (Doing) deploy and / or administer certain security-related systems, in coordination with the IT department,

•             Set up a daily record of events related to security, through controls as well as through monitoring or reporting tools implemented. Set up the alert procedures of the actors involved in corrective or preventive measures and ensure reporting.

•             Develop dashboards and indicators of the domain,

•             Conduct studies and projects according to the needs of the Service’s activity.

Security Awareness is also part of Ciso-as-a-Service job

  • Raise awareness and permanently train all the company’s stakeholders in the issues of safety and the risks involved,
  • Performs targeted and dedicated information actions when the breach occurs.
  • Inform the employees according to news and new threats.
awareness training session

Want to know more? Contact Us

Ciso-as-a-service : a service by Emmera