Shared CISO Services
Traditionally the position of Chief Information Security Officer (CISO) has only existed in companies large enough to demand it. Most small and medium-sized businesses (SMBs) cannot justify employing a full-time CISO and the high salary the position demands. But, as focus on cybersecurity has been growing more and more each year, a spotlight has been pointed at the lack of the CISO position, or similar security-centric title, in many businesses. This is especially true for SMBs which are often the most vulnerable and targeted.
This is where companies can benefit from partnering with a trusted consultant, like Dopkins & Company. Our Shared CISO performs, advises, and facilitates the various functions of a CISO for a fraction of the cost. We can offer as much, or little, as needed for your unique business requirements. See the chart below for high-level comparison between a traditional CISO and Dopkins Shared CISO.
Function |
Traditional CISO |
Dopkins Shared CISO |
| Implement and oversee Information Security program | X | X |
| Ensure compliance with standards (HIPAA, PCI-DSS, NYS SHIELD, etc.) | X | X |
| Policy creation and implementation | X | X |
| IT Audit and Controls | X | X |
| Present to board/executive leadership | X | X |
| Incident Response planning + testing | X | X |
| 3rd party evaluations | X | X |
| Completion of partner security requirement surveys (insurance, vendor agreements) | X | X |
| Train security staff | X | X |
| Diverse background and experience | Varies | X |
| Temporarily fill vacancy after departure | X | |
| Aide in search for security employee(s) | X | |
| Train and advise new security employee(s) | X | |
| Salary | As low as 1/10th of full-time CISO, depending on size of company and functions requested. |
Dopkins approach
We will meet with your business leadership to determine the Information Security functions that are needed, which are already being performed, and where Dopkins Shared CISO services can be used. We can fulfill anywhere from one to all of the functions listed above. Existing or new employees can be trained to take on the responsibilities listed. Fees are not predetermined and are based solely on your business.
Schedule a free consultation to determine how Dopkins can help your organization.
The following laws and standards address the need for a security officer, such as a CISO:
HIPAA
164.308(a)(2) – “Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the covered entity or business associate.”
PCI DSS v4.0 (Payment Card Industry Data Security Standard)
12.1.4 – “Responsibility for information security is formally assigned to a Chief Information Security Officer or other information security knowledgeable member of executive management.”
NY DFS Part 500
500.04 – “Each Covered Entity shall designate a qualified individual responsible for overseeing and implementing the Covered Entity’s cybersecurity program and enforcing its cybersecurity policy (for purposes of this Part, “Chief Information Security Officer” or “CISO”). The CISO may be employed by the Covered Entity, one of its Affiliates or a Third Party Service Provider.”
NY SHIELD Act (Stop Hacks and Improve Electronic Data Security)
(a)(1) – “Designates one or more employees to coordinate the security program.”
