Industrial Disposal Company
This industrial company specializes in the disposal of equipment from companies. Such equipment may include information technology devices with data which must be properly and completely destroyed. The company already had an information security program with a designated lead; however, the single staff member was overloaded, with demands from customers and the company’s insurance provider rolling in faster than the staff member could handle them.
SCALESOLOGY IN ACTION
The company hired Scalesology to provide virtual Chief Information Security Officer (vCISO) services to oversee their information security program. In this capacity, the vCISO was able to prioritize, organize, and direct the staff member’s work. A major part of this was clarifying and documenting the roles and responsibilities of the security team versus the IT department. The vCISO was also able to prioritize vulnerability remediation, seeing that long overdue patches were applied, and configurations updated. The vCISO also oversaw the implementation of company-wide multi-factor authentication (MFA), implemented a vendor risk assessment program, and configuration reviews of the environment. All this was in addition to regular CISO practices, such as risk management, policy review and updates, and security testing.
With the Scalesology’s vCISO services, this industrial disposal company has reduced its overall risk exposure, maintained its cyber insurance, and attracted new, security-conscience customers.