My CISO is absent. What can I do?

Information security is a crucial issue for any company, and your Chief Information Security Officer (CISO) going on vacation must not compromise it. Preventive measures are needed to ensure continuity of operations and protection of sensitive data during their absence. Here's a detailed guide to preparing effectively for this period, with a key solution offered by Phishia: the outsourced CISO service.

What is a CISO?

RSSI, an acronym for "Responsable de la Sécurité des Systèmes d'Information", is the French title for the CISO (Chief Information Security Officer), a key role in cybersecurity. The CISO's main mission is to protect an organization's information systems against computer threats and cyber-attacks. The CISO is responsible for implementing and managing security policies, monitoring vulnerabilities, managing security incidents, and developing strategies to strengthen the resilience of the IT infrastructure. As a strategic figure, the CISO plays an essential role in preserving the confidentiality, integrity, availability and traceability of data within the company.

The CISO interacts with IT teams, business managers and executives to align security strategies. He or she ensures transparent communication and collaborates with external partners to reinforce the organization's overall security posture.

The need for a CISO is more a function of the complexity of the IT systems and of the security stakes than of company size. Medium-sized to large organizations, those handling sensitive data, and those operating in sectors subject to strict regulations generally benefit most from a dedicated CISO.

Setting up an interim CISO

Selecting a replacement

It is crucial to appoint an interim CISO with in-depth knowledge of the company's security infrastructure. This person can be a senior member of the IT team or an external consultant. The choice should be made for someone with significant experience in security incident management and security policy governance.

Training and handover

Before the CISO leaves, it is necessary to train the replacement on the specific aspects of the CISO's responsibilities. This training should include:

  • A detailed briefing on current security policies.
  • Presentation of the security tools and technologies used.
  • Description of escalation and incident management processes.
  • A review of current risks and mitigation measures in place.

Documentation and access

Full documentation

Documentation must be comprehensive and include:

  • Security policies and procedures.
  • Security system configurations.
  • Incident response plans.
  • Emergency contacts, both internal and external (suppliers, competent authorities, etc.).

Secure access:

The interim CISO must have the access to security systems that the role requires. This access must be granted securely and for a limited time: it should be scoped to what the interim actually needs, protected by multi-factor authentication, and revoked when the regular CISO returns. Using a Privileged Access Management (PAM) solution makes it possible to grant time-bound access and to record and monitor the interim's actions.

Here's a concrete example: what do you do when your CISO resigns and you suffer a cyber attack?

It's 7 p.m. on a Friday evening. Most employees have left the company premises, and a critical situation has arisen: you're the target of a cyber attack, or more precisely, ransomware. Your CISO has just resigned, and the transition period could not be carried out properly. No one has taken over his or her responsibilities. What can you do? Who should you contact? What procedure should be followed? Here are the steps you need to take to manage this crisis effectively.

Identification and Containment

Initial detection:

  • If you are alerted to an attack by a monitoring tool or a user, immediately note the symptoms: ransom messages, files that have been renamed or can no longer be opened, the time and the first affected host.
  • Confirm that it is ransomware: a ransom note left on disk together with mass-renamed or unreadable files is the typical combination.

Isolation:

  • Immediately disconnect infected machines from the network to prevent propagation.
  • Disable Wi-Fi, Bluetooth and any other means of communication on compromised devices.

Notification and activation of the crisis team

Internal notification:

  • Inform the management team and IT managers immediately.
  • If you have an incident response team, activate it.

Call for external help:

  • Phishia - Outsourced CISO: Contact your outsourced security service provider for immediate assistance. At Phishia, our experts are available 24/7 to manage this type of crisis.
  • Security consultants: If you don't have an outsourced security department, contact cybersecurity experts for rapid intervention.

Situation assessment

Initial analysis:

  • Determine the extent of the infection: which hosts, shares and files are affected?
  • Identify the type of ransomware involved (the ransom note and the extension added to encrypted files are usually the first clues).

Documentation:

  • Document all actions taken and observations made since the attack was detected.
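The detection and assessment steps above (note the symptoms, confirm it is ransomware, determine which files are affected, document every action) can be started on a single host before the experts arrive. The following script is an added example written for this article, not code from Phishia: it walks a file share, separates ransom notes from likely encrypted files using three constructed indicators (hypothetical ransom-note filenames, hypothetical appended extensions, and high byte entropy), and keeps a timestamped, append-only action log for the handover and the post-incident review. The sample share it builds is constructed for the demo; the indicator lists are assumptions, not a vendor IOC feed.

```python
"""Ransomware first-hour triage on one host: confirm the indicators, inventory
affected files, and keep a timestamped action log. Added example; indicator
lists and sample files below are constructed, not a vendor IOC feed."""
import json
import math
import random
import tempfile
import time
from collections import Counter
from pathlib import Path

# Constructed indicators (hypothetical names, not tied to a real ransomware family).
RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt", "how_to_recover_files.html"}
SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.2   # bits per byte; ciphertext is close to 8.0, plain text around 4-5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path) -> list[str]:
    """Return the indicators that match this file (empty list = looks clean)."""
    reasons = []
    if path.name.lower() in RANSOM_NOTE_NAMES:
        reasons.append("ransom_note")
    if path.suffix.lower() in SUSPICIOUS_SUFFIXES:
        reasons.append("suspicious_extension")
    try:
        head = path.read_bytes()[:4096]   # sample only the first 4 KiB
    except OSError:
        return reasons
    # Caveat: compressed and media files are also high entropy, so this
    # indicator corroborates the others; it is never proof on its own.
    if len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD:
        reasons.append("high_entropy")
    return reasons


def triage(root: Path) -> dict:
    """Walk root, separate ransom notes from encrypted candidates, give a verdict."""
    notes, candidates = [], []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        reasons = classify_file(p)
        rel = p.relative_to(root).as_posix()
        if "ransom_note" in reasons:
            notes.append(rel)
        elif reasons:
            candidates.append({"path": rel, "reasons": reasons})
    # "Confirm that it's ransomware": a ransom note plus renamed/unreadable files.
    return {"ransom_notes": notes,
            "encrypted_candidates": candidates,
            "ransomware_confirmed": bool(notes) and bool(candidates)}


class ActionLog:
    """Append-only JSON-lines record of who did what and when."""

    def __init__(self, path: Path):
        self.path = path

    def record(self, actor: str, action: str, detail: str = "") -> dict:
        entry = {"ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                 "actor": actor, "action": action, "detail": detail}
        with self.path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry) + "\n")
        return entry

    def entries(self) -> list[dict]:
        text = self.path.read_text(encoding="utf-8")
        return [json.loads(line) for line in text.splitlines() if line]


def build_sample_tree(root: Path) -> None:
    """Constructed share: two encrypted files, one ransom note, two untouched documents."""
    rng = random.Random(7)                                   # deterministic "ciphertext"

    def noise(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    (root / "finance").mkdir(parents=True)
    (root / "hr").mkdir(parents=True)
    (root / "readme_to_decrypt.txt").write_text("Your files are encrypted. Contact us...\n")
    (root / "finance" / "budget.xlsx.locked").write_bytes(noise(2048))
    (root / "hr" / "contracts.docx.encrypted").write_bytes(noise(2048))
    (root / "finance" / "notes.txt").write_text("Quarterly figures: revenue up 4%.\n" * 60)
    (root / "hr" / "policy.md").write_text("# Leave policy\nRequests go through the HR portal.\n" * 30)


def run_demo() -> dict:
    """Triage a constructed share and log the steps taken; returns findings plus the log."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        build_sample_tree(share)
        log = ActionLog(Path(tmp) / "incident_actions.jsonl")   # kept outside the scanned tree
        log.record("on-call admin", "detected", "user reported unreadable files on share")
        findings = triage(share)
        log.record("on-call admin", "triage",
                   f"{len(findings['encrypted_candidates'])} encrypted candidates, "
                   f"{len(findings['ransom_notes'])} ransom note(s)")
        if findings["ransomware_confirmed"]:
            log.record("on-call admin", "contain", "host isolated: cable unplugged, Wi-Fi off")
        return {"findings": findings, "log": log.entries()}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run it on each suspected host against the shares it mounts; the resulting inventory answers "which systems and files are affected", and the JSON-lines log is what you hand to the incident responders and the post-incident review. The entropy test is deliberately secondary: archives and images are also high-entropy, which is why the verdict requires a ransom note as well.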

Response to the attack

In-depth analysis:

  • Cybersecurity experts will analyze the ransomware and identify the entry vectors and scope of the attack.

Communication:

  • Inform relevant internal and external stakeholders (suppliers, partners, etc.).
  • Prepare an internal communication to inform employees without causing panic.

Restoration and recovery

Backups:

If you have recent backups, first verify that they are intact (not encrypted or deleted by the attacker), then start restoring once you are sure the infection is contained and the entry vector has been closed, so that restored systems are not immediately re-encrypted.

Cleaning and checking:

  • The experts will ensure that all traces of the ransomware are removed from the systems.
  • Thorough checks must be carried out to ensure that the threat is completely eradicated.

Post-incident prevention and improvement

Post-incident analysis:

  • Once the crisis has been resolved, carry out a post-incident analysis to understand how the attack came about.
  • Identify vulnerabilities in your security systems and processes.

Increased security measures:

  • Implement improvements based on lessons learned from the incident.
  • Review and update your security policies, incident response plans and backup processes.

What does an outsourced CISO do? 

Implementing an Information Security Management System (ISMS) within an Information Systems Department (ISD) can be a complex process. Here's a step-by-step approach:

  1. Analysis of the environment and definition of the ISMS perimeter: understand the company's environment, identify key information assets and define the scope of the ISMS.
  2. Risk assessment: identify and assess the risks associated with each information asset.
  3. Security policy development: write a security policy that defines how the company manages information security.
  4. Implementing controls: implement proactive security by using network detection and vulnerability analysis tools to quickly identify and correct security flaws, thus strengthening the resilience of your information system.
  5. Training and awareness-raising: train staff in the security policy, conduct cyber crisis management exercises and run phishing campaigns to reinforce preparedness and responsiveness to IT threats.
  6. Security audit and review: carry out regular audits to verify compliance with the security policy.
  7. Continuous improvement: regularly review and improve the ISMS in line with audit results and changes in the company's environment.

Why choose our Outsourcing service?

  1. Specialized expertise: by outsourcing your CIO and CISO, you benefit from the expertise and experience of qualified professionals in information systems management and IT security. You gain access to cutting-edge skills and in-depth knowledge to ensure the protection and smooth running of your IT infrastructure.
  2. Cost reduction: outsourcing your CIO and CISO can deliver significant savings compared with hiring and managing an in-house team. You pay only for the services you need, without bearing the fixed costs associated with full-time staff.
  3. Flexibility and scalability: our outsourcing service offers great flexibility, enabling you to quickly adapt resources to your company's changing needs. Whether you need one-off expertise for a specific project or ongoing management of your information systems, we provide the resources you need.
  4. Focus on core business: by entrusting the management of your IT department and CISO role to external experts, you can concentrate fully on your core business and the development of your activity, knowing that your IT systems are in safe hands and that the administrative and technical tasks of managing them are taken care of.
  5. Access to cutting-edge technology: by working with an external service provider, you have access to the latest technologies and security tools, enabling you to stay at the forefront of cybersecurity and effectively protect your digital assets.
