    Service Overview

    The DeepSeas Security Advisory service partners DeepSeas Clients with a part-time strategic security advisor who relieves the burden of managing a security program by bringing expertise and knowledge to the Client’s business.

    DeepSeas will deliver a partially dedicated Security Advisor who will partner with the Client’s CISO or cybersecurity leadership to provide expertise and guidance to evaluate, identify gaps, and mature the Client’s cybersecurity program. This program provides Clients with an assessment and roadmap as well as access to cybersecurity resources to assist in their journey of risk mitigation and cyber defense.

    Objectives

    The primary objectives of the Security Advisor program are to:

    • Support a cybersecurity culture.
    • Understand Client’s strategy and business environment to build the most relevant cybersecurity roadmap.
    • Serve as a trusted cybersecurity advisor enabling leadership to make risk-informed decisions.
    • Provide ongoing governance and program tracking to refine and enhance security posture.
    • Deliver recommendations and guidance to deploy next level defenses.
    • Provide the Client with visibility into program growth and maturity and manage that growth and maturity through the DeepSeas Advisory App.

    Methodology

    Our experienced Security Advisor will follow repeatable processes to identify and manage cybersecurity risks, create and implement cybersecurity policies, and provide guidance on cybersecurity compliance and regulatory requirements.

    The Security Advisor will follow a standard security strategy program playbook that begins with a risk assessment and the development of a security roadmap. Results from these efforts guide Client stakeholders in aligning budgets and strategic security initiatives to mature their security program, with ongoing access to their part-time virtual Security Advisor throughout.

    The Security Advisory delivery methodology includes the following service elements:

    • Onboarding and Initial Assessment.
    • Documenting an information security program plan and a cybersecurity roadmap.
    • Project Oversight and implementation of select program improvement projects, as agreed between Client and Security Advisor.
    • Ongoing Program Advisory, providing ongoing security program oversight, including:
      • Cybersecurity strategic planning and roadmap execution oversight
      • Cybersecurity controls oversight
      • Cybersecurity risk management oversight
      • Cybersecurity governance/operational oversight
      • Cybersecurity executive reporting support
      • Cyber insurance advisory services

    This program consists of the following phases:

    1. Phase 1 – Security Advisor Program Mobilization (Estimated Duration: 3 Weeks)
    2. Phase 2 – Conduct Cyber Domain Assessment in DeepSeas Advisory App (Estimated Duration: 3 Weeks)
    3. Phase 3 – Prioritize/Plan Transformation (Estimated Duration: 2 Weeks)
    4. Phase 4 – Continuous Improvement Stage – Cyber Defense Oversight (Estimated Duration: Ongoing)

    Deliverables

    DeepSeas will produce the following deliverables:

    1. DEEPSEAS ADVISORY APP ASSESSMENT RESULTS – DeepSeas will provide Client with an assessment report from DeepSeas Advisory App demonstrating control adherence to in-scope frameworks and regulations.
    2. DEEPSEAS ADVISORY APP SCAN RESULTS – DeepSeas will provide Client with a copy of the scan results produced out of DeepSeas Advisory App.
    3. SECURITY MATURITY SCORECARD – DeepSeas can produce a PDF of the dashboard report available in DeepSeas Advisory App to support data and information displayed on other reports, such as the quarterly report or annual board presentation.
    4. SECURITY ROADMAP – DeepSeas will provide a regularly updated Security Roadmap that summarizes program tasks and progress.
    5. MONTH END CYBER SECURITY REPORT – DeepSeas will provide Client with a report summarizing risks, actions, issues, and decisions made during the previous month.
    6. QUARTERLY ALIGNMENT AND PLANNING REPORT – DeepSeas will provide Client with a report detailing the old and new business discussed during the quarterly alignment and planning meeting.
    7. ANNUAL BOARD PRESENTATION or REPORT – DeepSeas will provide a formal presentation or report for the board of directors or equivalent, including program health, and current priorities.
    8. MEETING MINUTES – Where necessary, DeepSeas will provide Client with meeting minutes to summarize action items and next steps out of scheduled calls.
    9. DEEPSEAS ADVISORY APP POLICIES – DeepSeas will provide Client with PDF versions of policies produced by DeepSeas Advisory App.

    Service Assumptions

    1. Unless otherwise stated in the scope section of this agreement (i.e., Program Kickoff) or otherwise in writing, all services are to be performed remotely.
    2. Consulting hours will be utilized at the discretion of DeepSeas for the completion of the Client's reactive requests. Hours may be consumed for activities outside of the scheduled working sessions and will be communicated to Client in advance.
    3. Policies produced are a result of questions addressed during the onboarding and assessment tasks. Additional policies may be needed or required and can be developed through office hours.
    4. All unused consulting hours will expire at the end of each contract year and will not rollover onto future contract years.
    5. Security Advisor will make best efforts to attend DeepSeas project engagements for the Client, including Kickoff, Opening and Closing meetings, Findings reviews, and other critical touch points as defined and agreed between Client and Security Advisor.
    6. DeepSeas requires a minimum lead time of forty-five (45) days for any project that will utilize consulting hours outside of Security Advisory program hours.

    Client Responsibilities

    The Client is responsible for the completion of the following tasks, in accordance with agreed-upon timelines established as part of the project plan.

    GENERAL RESPONSIBILITIES

    1. Client to assign a Single Point of Contact (POC) responsible for Client coordination and logistics.
    2. Client is responsible for providing DeepSeas with key stakeholder information such as name and email address to be added to stakeholder register and configured in DeepSeas Advisory App.
    3. Client to provide DeepSeas with the URLs or IP addresses that are in scope for DeepSeas Advisory App scans.
    4. The Client is responsible for scheduling and coordination of internal Client resources for all project work.
    5. The Client is responsible for the approval and implementation of draft documents within the organization.
    6. Client to provide necessary access, accurate and up-to-date inventory and asset information, and timely support for the Security Advisor during the assessment, planning, and implementation phases.
    7. Client to ensure that all relevant stakeholders are aware of the planned security measures and are trained to use the new security tools and processes.
    8. Client to coordinate with vendors to provide necessary information and support for the Security Advisor.
    9. Client to allocate appropriate resources to implement recommended security measures.
    10. Client to review and approve all deliverables produced by the Security Advisor as part of the Project. This includes providing feedback and revisions in a timely manner to ensure that the Project stays on track and meets the agreed-upon timelines.
    11. Client to allocate appropriate resources to support the Project, including personnel, equipment, and other necessary resources. This may involve reassigning staff members to work on the Project or acquiring new resources as needed.
    12. Client to provide the Security Advisor with access to all necessary data and information required for the Project. This may involve collecting and analyzing data related to the organization's current cybersecurity posture, infrastructure, and policies.
    13. Client to maintain open and effective communication with the Security Advisor throughout the Project. This includes promptly responding to requests for information or feedback and providing regular updates on Project progress.

    OFFICE HOURS

    1. Client to agree upon a schedule for office hours, status meetings, and governance meetings.
    2. The Client is responsible for providing additional agenda topics no later than 48 hours prior to scheduled office hours.

    BOARD MEETING

    1. The Client is responsible for providing the date and time of the annual board meeting no later than 90 days prior to the meeting.

    DeepSeas Responsibilities

    DeepSeas will be responsible for:

    1. Scheduling initial kickoff meeting, all onboarding interview sessions, and ongoing office hour sessions
    2. Setting up Client in DeepSeas Advisory App and maintaining access through the term of the program
    3. Completing onboarding surveys/interviews and providing access to Security Maturity Scorecard