Levi, Ray & Shoup, Inc.

LRS’s security experts provide guidance on issues such as risk management, policy development, user awareness and training, regulatory compliance, audit preparation etc., most commonly through our vCISO engagement. A tailored set of services can be developed for your specific needs, ensuring a right fit for you.


LRS Virtual CISO Program - Total Information Security for Your Business

In today's digital landscape, protecting sensitive information and assets is essential for the success of any business. Unfortunately, many organizations lack the resources or expertise to develop and maintain a robust information security program. That's where the LRS Virtual CISO program comes in.

Our program provides organizations with a cost-effective solution for enhancing their information security posture. Our team of experienced security professionals offers a comprehensive approach to information security, including risk assessment, security architecture design, security strategy development, and ongoing security management.

Our Virtual CISO program is tailored to meet the unique needs of each individual client. Our experts work closely with your team to understand your business goals, operations, and risk profile, and develop a customized security plan that is tailored to your organization.


LRS's Virtual CISO program provides numerous benefits to your organization, including:

  • Access to a highly skilled and experienced security team, without the cost of hiring and maintaining an in-house team
  • Customized security solutions that fit your organization's specific needs and requirements
  • Proactive security management that stays ahead of the latest security threats and vulnerabilities
  • Increased operational efficiency, as our experts identify and mitigate potential security risks before they become a problem

Information security is a constantly evolving landscape and staying ahead of the latest threats and vulnerabilities requires a dedicated and experienced team. Choose LRS's Virtual CISO program, and rest assured that your sensitive information and assets are in good hands. Contact us today to learn more about our program and how we can help secure your organization.


Virtual CISO

Learn More

LRS vCISO Program Tasks

Not only are LRS vCISO tasks customizable, based on the client’s needs, your organization is getting access to an entire security team.

Here are just a few examples of the tasks that LRS can include in your customizable VCISO Program:

Task Description
Vulnerability Management Program Develop implementation and test plans for vulnerability management.  Track progress monthly.
Change Control Process Development Create policies and procedures for change management.  Ensure that change requests are completed, approved, and retained for all system changes in the environment.
Internal and External Vulnerability Assessments Assess public-facing and internal systems for known vulnerabilities.  Provides scoring of vulnerabilities with remediation plans.
Creation and review of Directives Documents - (Policies, Standards, Procedures) Review or author security policies necessary for the environment.  Policies will align with NIST framework, compliance mandates, or any regulations that may dictate specific behaviors or activities.
NIST Framework Alignment Review NIST CSF assessment results and monitor/update improvements in security controls.
Maintain Security Service Catalog Develop and maintain a comprehensive listing of organizational security controls.
Monitor Security Posture Maintain and update Capability Maturity Model documentation.
Security Report Technical analysis, documented deficiencies, executive summary.
AD Security Assessment Review Active Directory design and security configuration.  Develop Corrective Action Plan and remediate findings.
Develop Data Mapping Identify data locations and map the transfer of data within the organization.  Update results on a quarterly basis.
Firewall Assessment Review firewall configurations for loose rule sets, improper configurations, unused access control lists, etc.
Risk Assessments Review existing RA documentation, update, or conduct assessments and provide reporting.
Cloud Security Assessment Review cloud service providers and services for appropriate security controls
Review Incident Response plans Review or develop IR plans relevant to organization’s needs.
Board Report Technical analysis, documented deficiencies, executive summary.
Penetration Testing Identify weaknesses in technology or physical environment that could lead to compromise by a bad actor.
NIST Security Assessment Perform assessment of security controls utilizing the NIST Cyber Security Framework.  Results will be used to drive security controls’ improvement throughout the year.