vCISO case study: Retailer

    Virtual chief information security officers, or vCISOs, can offer businesses the enterprise-caliber expertise needed to architect and implement customized security, privacy, and compliance solutions.

    CohnReznick recently had the opportunity to support a large retailer as a vCISO, helping to strengthen their policies, procedures, and capabilities in a number of critical areas.

    Visibility: Management did not have enough cybersecurity visibility for their IT program and eCommerce platform.

    Solution: CohnReznick provided various sets of ongoing activities to keep management informed of cybersecurity risks across the organization, and provided monthly and quarterly cyber reports.

    Strategy: The company did not have an established cybersecurity vision based on their business objectives, and had limited knowledge of where investments needed to be made.

    Solution: CohnReznick established a cybersecurity strategy that consisted of an adopted framework and short- and long-term goals for the company to achieve that were based on their evolving business strategy.

    Risk awareness: IT and management did not have the resources in place to continuously identify and report cybersecurity risks.

    Solution: CohnReznick performed a comprehensive technical risk assessment that reviewed security controls on the company’s eCommerce platform and infrastructure based on an industry standard.

    Vendor risk: There was a lack of processes in place to understand risks that were being inherited from vendors and service providers.

    Solution: CohnReznick established a vendor risk management program that was scalable for the organization to adopt, and helped define the process to perform due diligence activities, such as identifying vendor cybersecurity risks and risk-rating vendors.

    Compliance: The company did not have enough resources to continuously be aware of new data-related regulations applicable to its eCommerce business.

    Solution: CohnReznick performed an assessment to identify gaps and alignment with the Payment Card Industry Data Security Standard (PCI-DSS), and continues to advise the company of applicable U.S. state and global data privacy-related regulations.

    Security awareness training: The company had a reactive approach in its security awareness and training program and capabilities.

    Solution: CohnReznick helped the company enhance its security awareness and training program with recurring training and phishing exercises.

    Incident response: The company did not have documented procedures and communication protocols in place for responding to, managing, and reporting security incidents and data breaches.

    Solution: CohnReznick helped establish an incident response plan with detailed workflows and processes for the incident response team to respond to security events; triage and prioritize security incidents or data breaches; and report them to necessary stakeholders.

    How CohnReznick’s vCISO services can help

    CohnReznick’s industry-agnostic, globally-minded vCISO offering provides a curated selection of security and privacy capabilities to help organizations achieve their specific needs. Contact our team to learn more. 


    Bhavesh Vadhani, Principal, National Director, Cybersecurity, Technology Risk, and Privacy


    Ali Khraibani, Manager, Cybersecurity, Technology Risk, and Privacy



    This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. Neither CohnReznick LLP nor its personnel provide legal advice to third parties. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its members, employees, and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.