The Virtual Cyber Consultant (VCC) Service is a remote-only, full-service cyber consultancy service that offers 300+ services in over 15 cybersecurity domains.
The VCC service is right for you if you have immediate requirements in cybersecurity, governance, risk and compliance that they need fulfilled in a short span of time. Some requirements from our clients, include, but are not limited to:
Our VCC Service leads to considerable cost savings. Not hiring full-time staff means no recruiter fees, no contractors, no salaries, no holiday or sick pay. What about urgent requirements? Not a problem as you can utilise your allocated Zoom hours in one go & buy more when required.
With our VCC Service, you get access to highly-skilled cybersecurity practitioners with a wealth of cross-industry experience, at a fraction of the cost of hiring them. You are always supported by an experienced Security Consultant via Zoom calls and can ask any question you like.
We can either take on the role of being your Infosec team or we can offer support to your existing team. If your resources are stretched and you have an immediate cybersecurity requirement, our VCC Service is perfect for you.
If you are looking to RAPIDLY improve your existing cybersecurity maturity and/or achieve compliance, improve risk management, governance, business continuity & Incident Response, our Virtual Cyber Consultant Service is ideal.
As the name suggests, our Virtual Cyber Consultants will help you with all your cybersecurity requirements including supplier questionnaires, Cyber Essentials, Incident Response Plans, Playbooks and much more.
The USP of our VCC Service is the incredible flexibility it offers. You can choose from 4 Service Tiers (Silver, Gold, Platinum & Platinum+), 300+ Services & flexible payment options to make a choice that's absolutely fit for your business.
The Virtual Cyber Consultant model is affordable & specially tailored for medium to large enterprises that do not wish to pay exorbitant consultancy fees to achieve their cybersecurity goals. The service has been specifically designed for those businesses which have urgent cybersecurity requirements. If you are not in a hurry or if you don't have an immediate requirement then we recommend you try our VCA or Virtual Cyber Assistant service.
Regardless of which service you select Cyber Management Alliance Ltd is known for its laser focus on customer service and satisfaction.
The Virtual Cyber Consultant Service offers 4 Service Tiers - Silver, Gold, Platinum, and Platinum+. Each Service Tier comes with a different number of Zoom hours & additional benefits. No matter how extensive or urgent your cybersecurity requirement may be, there is a Service Tier for you. The best part is that you can use all the Zoom hours allocated to your Service Tier in one go if the need arises.
With flexibility as its USP, the VCC Service comes with both Monthly and Annual Payment options. For a monthly-paying client, there is no commitment. Annual clients, who pay upfront for 12 months or more, are entitled to a discount of up to 30% on the monthly charge. In addition, annual paying clients have access to many additional benefits and premium features including extra Zoom hours.
The Virtual Cyber Consultant Service offers you access to 300+ Cybersecurity, Governance, Risk & Compliance Services across 15 Domains. This means that no matter what your immediate cybersecurity requirement might be, the VCC Service should be able to cover it. We also offer readymade packages including Cyber Essentials, ISO 27001, BCP & more.
Implement a Cybersecurity framework and/or want to follow best practices.
Become Cyber Essentials Certified and you need comprehensive support in this area.
Align your business with the ISO 27001:2022 Standard because your management is worried about the lack of standards and/or cyber frameworks in the organisation.
Implement a Cyber Risk Management Framework and you want to follow best practices.
Have Incident Response Playbooks created, reviewed and/or refreshed so you can better respond to cyber-attacks.
Get a complete review of your Business Continuity & Disaster Recovery plans, processes and procedures.
Bolster your ability to respond to and recover from cyber-attacks and ransomware attacks & need support in creating and implementing a cybersecurity incident response plan along with related processes and response playbooks.
Review cybersecurity practices in your Supply Chain and define onboarding and other processes in accordance with the best practices.
Have your cybersecurity practices in Asset Management reviewed and define processes in accordance with the best practices.
Have the Risk Management Framework implemented even if you do not necessarily want to be certified with ISO 27001.
Identify assets and define asset management processes.
Define processes to manage cybersecurity in the supply chain.
The VCC or Virtual Cyber Consultant service is highly affordable and flexible. However, Cyber Management Alliance offers an even more cost-effective cyber consultancy service called Virtual Cyber Assistant.
Here are the key differences:
Virtual Cyber Consultancy (VCC)
Virtual Cyber Assistant (VCA)
|Immediate and urgent requirements in cybersecurity, governance and risk||Gradual improvements in cybersecurity, risk and governance|
|Unlimited, remote Zoom or MS Teams access to our senior consultants||Time-limited remote access to cybersecurity consultants. Primarily, an asynchronous, ticket-based service.|
|Enhanced interaction and engagement with continuous live engagements.||Primarily, an asynchronous, ticket-based service.|
|Consume ALL your days in one GO! For example, you can use your 24 days consecutively over 24 days (assuming you have purchased the Gold Service Tier)||Limited to number of days per month. Example, in our Gold Service Tier you get a total of 24 days per year, but you can only consume 2 days a month.|
"In order for BMJ to the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."
Aaron Townsend, Service Delivery Manager, British Medical Journal
Benefits, Features & Pricing
Here is a closer look at what each Service Tier offers
We will support the organisation to create and adapt to cybersecurity framework based on ISO 27001. We will evaluate the current posture, provide recommendations for improvement, Create relevant policies and processes. Develop a Risk assessment methodology and assist in conducting Risk assessment. We will also provide you with templates and records to be maintained to ensure alignment to the framework.
We can review and comment on your ISMS framework and maintenance practices. We will review the relevant policies, processes, procedures and records.
We will support the organisation to create and adapt to cybersecurity framework to comply to all Cyber Essentials requirements. We will evaluate the current level of compliance, provide recommendations for improvement, create relevant policies and processes. We will also provide you with templates and records to be maintained to ensure compliance to the requirements.
We can review and comment on your compliance to Cyber essentials requirements. We will review the relevant policies, processes, procedure, and records.
We will support the organisation to create and adapt to the business continuity framework based on ISO 22301. We will conduct BIA (Business Impact Analysis) to identify critical assets and relevant acceptable unavailability periods, and create relevant policies and processes. We will help the organisation develop a Risk Assessment methodology and assist in conducting Risk Assessment. Based on the outputs of the assessment, we will support in creating Business Continuity plans and Disaster Recovery plans. We will also provide you with templates and records to be maintained to ensure alignment to the framework.
We can review and comment on your Business Continuity & Disaster Recovery Plans and maintenance practices. We will review the relevant policies, processes, procedures and records.
We will support the organisation to create Incident Response plans based on industry-accepted frameworks NIST SP 800-61 and SANS. We will assess the current practices in place and suggest recommendations for improvement. We will create Incident Response-related documents including Policy, roles & responsibilities, Processes, and Incident Response Plans. We'll also create playbooks to support timely and effective cyber incident response.
We can review and comment on your Incident Response Plans and practices against industry-accepted frameworks NIST/SANS. We will review the relevant policies, processes, procedures and records.
We will support the organisation to create and adapt to the cyber risk management framework based on ISO 31000/NIST SP-800. We will identify critical assets/processes, develop a Risk Assessment methodology and assist in conducting Risk Assessment. We will also provide you with templates and records to be maintained to ensure alignment to the framework.
We can review and comment on your Risk Management Framework and implementation. We will review the relevant methodology, assessment report and relevant records.
We will create, review and evaluate your organisational cybersecurity controls for your supply chain management processes. We'll connect with you to understand the areas/services with supplier involvement, data shared, IT controls implemented and high-level guidelines, if any in accordance with the same.
We can review and comment on your supply chain management processes and its implementation. We would connect with you to understand the areas/services with supplier involvement, data shared, IT controls implemented and high-level guidelines in accordance to the same. We will review the relevant policy, standard and relevant records.
We will help you create Information Asset registers, classify assets and develop cybersecurity integrated processes to manage your asset lifecycle. We will address all types of assets - Hardware, Non-IT, Software, Paper, Staff/People, Electronic, etc.
We can review and comment on your Asset Management processes, Information Asset registers, Asset Classification and overall Asset Management Lifecycle.
All our subscribers can ask our experts any questions at no cost to the allocated hours.
The World's First Truly Flexible Cyber Consultancy Subscription Service.
You can ask us to Create New, Review & Refresh from over 15 Service Domains.
Total flexibility: Upgrade or downgrade your service at anytime using our self-service portal.
You have been busy and couldn’t use up all the days in your Service-Tier. No problem. Roll them over to the next contract.
Our Cybersecurity-as-a-Service model negates the need for raising separates POs for separate projects.
Want more information on what is a Virtual CISO, Virtual CISO Services & Virtual CISO hourly rates? Book a no-obligation discovery call with one of our consultants.
Here's a quick look at 15 of the main service domains that we cover in our Virtual Cyber Consultant Services UK. There are several sub-categories under each domain, some of which have been listed below.
1. Cybersecurity Strategy
2. Cybersecurity Policy & Procedures
3. Cybersecurity Roles & Responsibilities
4. Crisis Management Procedures
5. Disaster Recovery & Business Continuity Plans
1. Incident Response Plan
2. Policies, Plans & Procedures
4. Threat Actor Library
5. Mapping of incidents/Security events
1. Risk assessment
2. Risk mitigation plan/Risk prioritization
3. Audit/Assessment reports
4. Incident tracker & Change management tracker - Major Changes
5. Information asset registers
1. Agreements with Suppliers
2. Requirements in Supply chain
3. Evaluation of cybersecurity controls in supply chain
4. Policies & Procedures
5. Evaluation & Monitoring checklists
1. Gap assessment
2. Measurement of effectiveness of controls
3. Previous audit report closures
4. Implementation of controls
5. ISO 27001 & Cyber Essentials
1. Policies & Procedures
2. Measurement of effectiveness
3. Compliance to organisational framework
4. Audit plans & Assessment reports
5. Information security strategy
1. Architecture diagram
2. Comparison of solutions
1. Information classification
2. Data flow analysis
3. Information access controls/restrictions
4. Data leakage controls
2. IT Procedures
3. Configuration guidelines
4. Incident/Problem Management
5. Effectiveness of IT Security controls
1. Asset Management
2. Information asset registers
3. Information classification and labelling
4. Asset criticality
5. Asset handling procedures
1. IT Operations Security Policies
2. IT Security Operating Processes
3. Configuration Guidelines
4. Incident Management Processes
1. Audit Report Response
2. Audit Report – Corrective Action Plan
3. Penetration Testing reports review & closure plans
4. Audit Plans
1. Cloud Security Policies
2. Cloud Security Processes
3. Configuration Guidelines
4. Cloud Security Strategy
5. Review of Cloud Service Agreements
1. Organisational Cyber Security Strategy
2. Management Review Updates
3. Continual Improvement Plans
4. Organisational Risk Profile
1. Business Continuity/Cyber Resilience Strategy
2. Crisis Management Plans
3. Incident Response Plans
5. Business Impact Analysis
The information on this page and related pages and documents is Copyright of Cyber Management Alliance Ltd. The VCC or Virtual Cyber Consultant term, other terms, information, concepts, ideas, workflows, processes, procedures and other content that directly or indirectly supports the VCC Service are Copyright of Cyber Management Alliance Ltd. Copyright 2022.