Meet your critical cybersecurity staffing needs with a Virtual Security Team
For research facilities that face challenges meeting their cybersecurity goals due to personnel shortages, budget constraints, or lack of time and expertise, engaging a ResearchSOC Virtual Security Team can provide a cost-effective, rapid-implementation method to address key cybersecurity needs.
The challenge of securing research and education
Securing open science research and higher education requires special expertise, scalable options, and professional incident response, all within time and budget constraints. ResearchSOC Virtual Security Team partnerships allow research IT leaders to comprehensively address both operational and programmatic cybersecurity needs. These needs commonly include inventory management, patch management, intrusion detection, vulnerability management, phishing prevention, policy development, secure software development, staff training, strategy, and incident response planning and preparation.
Meeting the need through virtual, fractional, dedicated expertise
The ResearchSOC Virtual Security Team helps meet those needs with cybersecurity professionals who have experience supporting open science research projects. Under the provisions of a contract or grant, the team addresses identified, and priority cybersecurity, needs with a group of fractional (i.e., less than full-time) employees. The team augments, but does not replace, existing research organization employees.
The team is familiar with a variety of frameworks, compliance regimes, and control sets, including:
- The Trusted CI framework
- The Information Security Practice Principles
Virtual, fractional, dedicated expertise
The ResearchSOC Virtual Security Team (VST) service helps meet those needs with a team of cybersecurity professionals experienced in supporting open science research projects. The team augments, but does not replace, existing research organization employees.
Under the provisions of a contract or grant, the team designs a cybersecurity program that addresses priority oridentified cybersecurity needs with a group of fractional (i.e., less than full-time) employees.
For example, a team could have a remote CISO at .3 FTE, one or two remote security analysts at .45 FTE, and access to an on-call (“break glass”) incident response team.
ResearchSOC provides NSF and other research projects and organizations with virtual security teams in the form of fractional cybersecurity professionals whose skills, knowledge, and experience align directly with and make them uniquely qualified to address cybersecurity risks. Four levels of service are offered:
- Virtual Security Team: A virtual, partial FTE team lead and team tailored to the strategy and needs of a particular facility or project in conjunction with a virtual CISO, CISO advisory, or as a stand-alone package.
- Virtual CISO: A virtual, partial-FTE qualified CISO to embed within a research facility or organization and serve all CISO functions.
- CISO Advisory: A partial-FTE CISO-level security expert who does NOT act as organizational CISO, but is there to advise and coach the organization and its leadership and advise on targeted cybersecurity projects.
- Red Phone: Short-term, on-demand access to skilled cybersecurity personnel who integrate with the organization’s cybersecurity team, providing added capacity and specialist skills needed in resolving a specific cybersecurity incident.
These services offer a cost-effective solution to address top cybersecurity risks, control costs, address personnel management issues, and progress the development of a culture of cybersecurity in open science.
On-call major incident response
The ResearchSOC Virtual Security Team also provides access to on-call expertise in the event of a major cybersecurity incident. In coordination with the research organization’s leadership, the team can engage a broad and deep pool of expertise from Indiana University's Center for Applied Cybersecurity Research, OmniSOC, Information Security Office, and others: over 60 cybersecurity professionals.
Pricing and cost control
Engaging a team of fractional (.5-.25 FTE) cybersecurity professionals provides one method of controlling costs, as does engaging those individuals in a contract or grant relationship. All hiring, development, training, salary and benefit, and related costs are borne by the ResearchSOC. ResearchSOC Virtual Security Team members have extensive experience supporting open science projects and are fully cognizant of budget challenges and constraints. Tiered service pricing is available upon request.
Find out if your organization is a candidate for partnership
ResearchSOC Virtual Security Teams can partner with existing research organizations or facilities or new (construction/development) projects. A limited number of partnerships are available over the next 12-24 months.
Communication is key!
ResearchSOC services, both in the Security Operations Center and in Virtual Security Teams, are tuned to the needs of individual projects based on size, complexity, compliance and regulatory requirements, and other factors. Contact us early in your process to discuss how the ResearchSOC can help.
Download the ResearchSOC VST Overview.
To learn more about ResearchSOC Virtual Security Teams, contact us.
To include ResearchSOC in your proposal, visit our page on including ResearchSOC in your grant or funding proposal.