In some companies, next to the CISO you might have the CSO (Chief Security Officer) role. Typically, the mission of the CSO is to protect places, people and processes and manage relations with law enforcement. In some other companies, the CSO role includes the CSO role just described and the CISO role.
Both roles are very critical and in many businesses both security aspects are naturally very intertwined and a number of malicious actors will try to play on both sides. The use cases outlined below largely apply to both.
In CISO-as-a-Service all or some of the typical CISO activities are executed (Cybersecurity assessment, implementation of cybersecurity solutions...) This can typically happen in support of the board, the executive management, the Risk Officer, the CIO or the Information Security Officer.
The chart below gives some example of these services.
The Use Cases outlined below describe the type of engagements and a very indicative engagement duration. Your problem/use case may be different from the one’s outlined. All the engagements need to customized to fit the business case.