SMB - Cyber Security Case studies

This is a series of Cyber Security Case Studies across various business verticals, highlighting the value of the vCISO role to small and mid-tier businesses.

Virtual CISO - Case Study #1

Cellular Communications Provider in Merger & Acquisition

Industry: Telecommunications

Location: Toronto, Ontario, Canada

Size: 700 employees

Reason: Mergers and Acquisitions

Effort: First 30 days full time. Next 60 days 3 days per week. Remainder of contract was flexible depending on tasks required. Minimum 1 day per week, typically 2 days per week.

Virtual CISO - Case Study #2

Fintech Service Provider requires Interim CISO

Industry: Fintech

Location: Toronto, Ontario, Canada

Size: 10,000 employees

Reason: CISO departure - Interim CISO while firm searches for new full time CISO

Effort: 6 months - 3 days/week

Virtual CISO - Case Study #3

Software Startup requires Governance on a Budget

Industry: Insurance Tech

Location: Toronto, Ontario, Canada

Size: 15 employees

Reason: Client required Governance Certification

Effort: Two weeks effort up front (Penetration test, Maturity Assessment)

Ongoing 1 day (roughly 8 hours) / week

Virtual CISO Case Study

Virtual CISO - Case Study #4

Wealth Management Company with Poor MSSP Contract

Industry: Wealth Management

Location: Toronto, Ontario, Canada

Size: 600 employees

Reason: Client required a Virtual CISO to provide Governance over existing MSSP

Effort: Full time for the first 30 days, then 3 days (roughly 24 hours) / week for 18 months

Cyber Security in Family Law

Virtual CISO - Case Study #5

Small Family Law Firm concerned about Privacy Breaches

Industry: Family Law

Location: Toronto, Ontario, Canada

Size: 30 employees

Reason: Client wants to ensure their due -diligence with regard to Privacy and Cyber Security

Effort: Two weeks full time up front to assess maturity and understand vulnerabilities, etc..

Ongoing 2-4 hours / week

Virtual CISO - Case Study #6 (Cyber Security Fail)

Logistics / Transportation / Shipping Firm decides to wait for remediation

Industry: Transportation

Location: Toronto, Ontario, Canada

Size: 700 employees

Reason: Client needed to provide due diligence to Insurer prior to getting a Cyber Security policy

Effort: 2 week assessment - No Ongoing work

CyberSecurity in Healthcare

Virtual CISO - Case Study #7

Private Hospital requires Governance on a Budget

Industry: Canadian Healthcare

Location: Toronto, Ontario, Canada

Size: 200 employees

Reason: Not large enough to require a full time CISO but still needs governance

Effort: Full time for about 3 weeks, conducting Pen Test, Vulnerability, and PIA.

Ongoing 3 days (roughly 24 hours) / month

Cyber Security for a windfarm

Virtual CISO - Case Study #8

Private Windfarm requires Cyber Security Due Diligence for Acquisition

Industry: Energy Provider

Location: Ontario, Canada

Size: 200 employees

Reason: Acquisition partner required a due diligence assessment

Effort: Full time for about 3 weeks, conducting Pen Test, and internal Vulnerability assessment between IT/OT networks

Ongoing 3 days (roughly 24 hours) / month

SMB – Cyber Security Case Studies

SMB - Cyber Security Case studies

Virtual CISO - Case Study #6 (Cyber Security Fail)