Summary:
Reveal Risk partnered with a large international non-profit organization concerned about data theft, financial cyber-crime, and operational/reputational damage to develop a right-sized, risk-based cyber security program to reduce risk with minimal available funding.
The board tasked the incoming CEO and team to reduce cyber security risks and protect the organization. Still, the organization hadn’t made any investments beyond core IT projects covering information security lightly through infrastructure controls. Prior audits/risk assessments done by a CPA firm had identified issues that were not fully resolved, and the leadership team didn’t have clear visibility into status.
Outcomes:
- Developed and executed a tailored NIST CSF assessment (right-sized for the relative risk and size of the organization) to identify strengths and gaps,
- Profiled the top business risks with a cross-functional leadership team to enable the organization to focus their efforts and investments
- Created a prioritized investment plan for the board and executive team, along with coaching and presentation support
- Aligned business risk, program maturity needs, and threat analysis for the non-profit sector to build a program roadmap
- Reveal Risk was asked to continue as the virtual CISO (vCISO) to drive execution of the plan and continues to serve in this capacity currently.
“The leaders and team at Reveal Risk have a unique blend of practitioner experience, industry experience, innovative thinking, and ability to deliver; with NO classic consulting industry games played. The rapid trust and partnership I built with them gave me comfort while transforming my organization and navigating the challenges that we all face along the way. Their pharma industry experience and beyond is really effective and I look forward to the continued partnership.”
Chief Information Security Officer
Fortune 500 Contract Manufacturer
“I had the opportunity to work with the Reveal Risk team during a critical period for my organizations’ cybersecurity program. With no reservations, I can say that I couldn’t have achieved what I did without their guidance and leadership. Their knowledge of the cybersecurity domain and ability to apply it in unique and time sensitive situations was well beyond my expectations. As I’ve worked more closely with the team on other program building initiatives, I realize that this is business as usual for Reveal Risk and I look forward to engaging them in the future.”
Information Security Director
Fortune 500 Life Sciences Company
