The concept of “CISO AS A SERVICE” is for organizations, small and large, that may not have a sitting CISO or need a temporary/virtual CISO to establish or optimize the information security organization. This service provides organizations the insight of a seasoned CISO to assess the health of the organization’s program and determine next steps to get the program on a path that supports the business and security strategy. This service will review current enterprise IT and Security vision, strategy, security program framework, and review people, process, and technology (security stack). The service provides an assessment, recommendations, heat map of risks, and a proposal for next steps. Your organizations leadership can then adjust the roadmap and next steps.