Cosant’s Virtual Chief Information Security Officer (vCISO) services provide executive-level IT and Cyber Security guidance and consulting, without the full-time employee costs associated with hiring a traditional CISO.

Cosant’s vCISO Services Include

There are two types of organizations: those that have been the victim of a Cyber-Attack, and those who don’t know that they have. 

Organizations of all sizes and industries are under constant threat of having their IT systems breached. The question for most organizations isn’t if they are going to be breached, but how they can isolate and mitigate the threat.

Executive management and the Board of Directors may be held personally liable for data breaches if they are not prepared for a Cyber-Attack.  Directors are required to exercise reasonable skill and care in performing their duties.  To put that in Cyber Related terms, that means assessing data risk, ensuring IT security is adequate, training staff and having plans in place to deal with a data breach.

Cosant is here to help guide your organization through the process.

  • Assessing IT and Cyber Risk
  • Determining your current state and desired future state of IT and Cyber Security
  • Building an IT and Cyber Security roadmap (Gap Analysis)
  • Developing and executing an IT and Cyber Security Program

Information Security Risk Assessment

Information Security Risk Assessment

Risks must be identified and prioritized to efficiently apply resources for mitigation. An Information Security Risk Assessment is the tool for managing and communicating risks to executive management and the Board of Directors. Without a comprehensive Information Security Risk Assessment, executives do not have a strong understanding of the information security risks they are ultimately responsible for, and staff has no direction on which risks to address. Cosant creates and manages a comprehensive and sustainable Information Security Risk Assessment process.

IT Security Assessments

IT Security Assessments

Your IT staff or outsourced IT partner has installed many expensive IT hardware and software solutions on your systems.  Are they setup properly and securely?  Are your IT controls optimized for protection? Cosant’s skilled and experienced vCISOs provide an independent assessment to verify IT controls or recommend changes, all while not impeding business operations.

Network Vulnerability Assessments

Network Vulnerability Scans and Assessments

Cosant begins by collecting information on specific systems we call targets.  The targets are scanned by combining automated tools and manual validation to determine the overall effectiveness of your organization’s external and internal security.  Cosant provides a final deliverable detailing a summary of the vulnerabilities discovered including all relevant details such as; the IP addresses, the severity, what the impact is to your organization and how to mitigate the vulnerability.

Cybersecurity Incident Response Planning

Cyber Security Incident Response Plans

Obviously, we all want to prevent an attack from happening.  Nobody wants to be on the front page of the new announcing that they have been compromised.

It is vital, however, to plan for an attack. And it is best to plan for attack before trying to cobble together a proper response while the chaos of a breach is underway.

As John F. Kennedy said, “The time to repair a roof is when the sun is shining”.

An established plan of action that immediately executes following the detection of an IT or Cyber Security breach is called an Incident Response Plan. It is imperative to have a plan to limit incident costs and damages to the organization’s reputation.

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning

Your customers, employees and partners rely on your operations being available.  If your most critical business operations are down – what do you do?  Who does what?  Where do you do it?  Think about your busiest day of the week, during the busiest hours of the day and your most critical business systems not being available.

The Cosant team has seen the damage and chaos, first hand, from organizations that do not have a current and tested Business Continuity and Disaster Recovery Plan in place.

Cosant makes sure to embed the Business Continuity and Disaster Recovery Plan process into the organizations change management process. This effort keeps the plan up to date as things change in the organization.

The most important part – TEST the plan.  There are many ways to test the plan to have confidence that the plan is current and viable.  Cosant makes sure to embed the Business Continuity and Disaster Recovery Plan process into the organizations change management process to keep the plan up to date as things change in the organization.

Cybersecurity Awareness and Training

Cyber Security Awareness and Training

Cosant never forgets about the human element.  Building a culture of security at your organization starts by providing cybersecurity awareness and training for your workforce.

In nearly every assessment we perform, the most significant vulnerability is the lack of cybersecurity awareness and training.  Most ransomeware and other malicious attacks start by social engineering, and phishing techniques.  Build your human firewall today.

Cybersecurity awareness and training has a strong ROI that will not only help you detect an attack earlier but also prevent an attack from occurring in the first place.

Information Cyber Security Program / Policy Creation and Implementation

Information Security Program / Policy Creation and Implementation

The Information Security Program document and associated policies form the bedrock of an organization’s information security program. Cosant develops customized IT and Cyber Security policies that are consistent with your organization’s requirements and most importantly your culture and appetite for risk.

Third-Party (Vendor) Reviews

Third-Party (Vendor) Reviews

You put all the important stuff in the cloud so you have nothing to worry about, right?  Wrong.

Migrating to a cloud provider does not absolve an organization of its Cyber Security responsibilities.  It creates what is called a shared responsibility between your organization and the cloud provider.

Its not just cloud providers that present potential risk to your organization.  It is also IT service providers, outsourced software developers, consultants or other professionals that provide critical services to your business.  Anybody in your critical supply chain presents a potential risk to your organization.

Cosant assess controls and confirms alignment of the third-party with your risk tolerance. Cosant performs vendor information security reviews, including SOC1 or SOC2 audit reports, which are a crucial element of information security risk management. Let Cosant put our years of experience assessing vendors to work for you.

Compliance with Regulations and Standards

Compliance with Regulations and Standards

Are you contemplating an upcoming PCI, HIPAA or another regulation or standard, Cosant can help your organization with a readiness assessment to prepare for the formal audit or attestation.

Data Mapping Exercises

Data Mapping Exercises

Do you store personally identifiable information (PII) on your customers, vendors, suppliers, employees?  Do you know where the data is stored?  How is it protected? Are you collecting only the data you need to collect?  Data mapping exercises help to answer these questions and reveal gaps in controls.

This is an important exercise, as data privacy laws are changing rapidly and will carry significant fines if your organization is not compliant.

Cosant can help locate the PII on your network and devices while advising on the proper controls to be compliant with changing regulations.


Cosant works directly with executive and IT teams to assess and construct custom built Cyber Security plans and programs that will reduce your risk and protect your reputation. Our solutions are more human, more connected, and more evolved.