British Medical Journal vCISO Case Study

One of the problems for small-to-medium companies often is the budget required to hire an expert, full-time CISO. It’s normally very expensive considering more often than out, there isn’t adequate work for a full-time CISO in enterprises of that size. Therefore, British Medical Journal decided to look for an alternative, cost-effective way to fulfill its requirements for cybersecurity expertise and guidance.

Client Goals

The client, Aaron Townsend, Head of Service Delivery for BMJ, articulated the following objectives while engaging Cyber Management Alliance for its vCISO service:

A virtual CISO who could come in and advise the organisation on the right way to do things.
An expert who could tell the business where its risks were.
Direction about how to tackle the risks and in what order.

"In order for BMJ to find the right way forward, we looked for a virtual CISO - someone who could virtually come in and advise us on the right way to do things"

– Aaron Townsend, Head of Service Delivery, British Medical Journal

Feedback

Aaron elaborated on his organisation's experience with Cyber Management Alliance's vCISO service.

He said, “We went to Cyber Management Alliance trying to find a way forward on this (the organisation's cybersecurity needs). It's been a year now that we kicked off this association. We had a very successful onboarding session."

As part of the onboarding process, British Medical Journal completed the following activities:

A cybersecurity workshop with the executives.
A review of the Incident Response Capabilities, Plans and Procedures.
Creation of an Incident Response Plan.

With the Incident Response Plan in place and with a new vCISO, Aaron feels the organisation is much better prepared for any cybersecurity events and is in a position where the staff knows the way forward.

“Our vCISO keeps us on our toes in the sense of making sure that we’re always pushing forward with our high priority items. Overall, it’s proved to be a very effective way of delivering expertise into the organisation that we wouldn't have normally had. If anyone is looking for that kind of option in terms of having that kind of expertise for your organisation, it is certainly something that I would recommend.”

- Aaron Townsend

NCSC Assured Cyber Incident Planning & Response Course

NCSC Assured Building & Optimising Cyber Incident Response Playbooks Course

NCSC Assured Cyber Security & Privacy Essentials

Cyber Tabletop Exercise Masterclass

Cybersecurity Training for Executives

Cybersecurity Training for Management

All Cyber Security Training Courses

Special Limited Time Offer: Buy One Get One Free

Cyber Tabletop Exercises

Executive Briefings and Awareness Sessions

Ransomware Tabletop Exercise

Cyber Tabletop Exercise Masterclass

Verbally simulated, business-impacting realistic cyber-crisis scenario. We offer the following Tabletop Exercise workshops:

Cybersecurity Assessments

Ransomware Readiness Assessment

Breach Readiness Assessment

SIEM & Use Case Assessment

Cyber Incident Response Maturity Assessment

One-Day NIST Cyber Health Check

Security Gap Assessment

ISO 27001 Audit

Third-Party Assessments & Audits

Cybersecurity Consultancy

Cybersecurity Consultancy Services

VCISO

Trusted Advisory

Virtual Cyber Consultant (VCC)

Virtual Cyber Assistant (VCA)

Crisis Communications

Wisdom of Crowds

Upcoming Events

Previous Events

Live Events Feedback

Virtual Private Events

Executive Roundtable Dinners

Previous Event Keynotes

Growth Services

Content Creation

Cybersecurity Blog

Webinars

Wisdom of Crowds

Case Studies

Client Testimonials

Our Clients

About CMA

Meet the Team

Contact Us

British Medical Journal

British Medical Journal Case Study

Client Goals

Feedback

British Medical Journal