Scope of Work

BlackheathPoint's offering is designed to help you identify security risks and appropriate actions, determine effective controls, and support their implementation. Assessments and recommendations are based on alignment with industry standards (NIST, NCSC, CCM and OWASP) and relevant compliance frameworks (SOC2, PCI, or ISO27001).

vCISO Services: Complete two security questionnaires of up to 50 questions each, per calendar month, within 5 business days of receiving the questionnaire. Offer 4 vCISO hours to meet and discuss higher level challenges, including organizational structure, strategy, and security KPIs, KRIs and OKRs.

Security Design Management: Develop and formalize SOPs for a secure design process, including "golden paths", authorization matrices, and hierarchical responsibilities.

Threat Modeling: Create and maintain threat models for current designs or already implemented features to identify risks and appropriate controls.

Vulnerability Management: Validate reported findings and remediation effectiveness, adjust criticalities based on business impact and provide acceptance or mitigation strategies.

Security Engineering: Support the development of security control implementation, governance and efficacy.

Penetration Testing Support: Assist with identifying the scope and proper level of penetration testing, discuss key differences between approaches, recommend vendors, and evaluate options for the best use of limited resources.

Response Times

Your consultant will be available 08:00-18:00 GMT+00, Monday through Friday, except on bank holidays and company breaks, all of which will be communicated in advance.

You will receive weekly status updates that include what was done, what's next, and whether your initiatives are on schedule.

For straightforward questions (e.g. a list of potential vendors) asked before 13:00 GMT+00, you can expect an answer the same day.

For more complex questions (e.g. policy changes) asked before 13:00 GMT+00, you can expect a response the same day indicating an estimated timeline for an answer or completion.

For tasks that require a technical implementation, such as development tasks, architecture documents or security assessments, you can expect a proposed scope, including a definition of done, requirements, non-requirements, and relevant delivery milestones, within 24-48 hours.