What does a vCIO do? IT Security Audit

We are continuing our series that gives back to the industry answering the question, “What does a vCIO do?” and each article will outline a specific service offering of Outsourced CIO LLC in the day and the life of a vCIO.  Some call this “virtual” Chief Information Officer or “fractional” CIO (we prefer fractional as the “vCIO” term has become a buzzword and misleading – see our FAQ on this)  and for the sake of this series, we will be changing the “v” to mean “VALUED” CIO.  Because the vCIO creates value for growing businesses who might not otherwise be able to afford a Chief Information Officer.  In honor of National Cybersecurity Awareness Month, our topic for today is “IT Security Audit”

This is can be an Annual Project or a monthly service estimated at 5-hours.National Cybersecurity Awareness Month 2019

Deliverable: Define the scope; Create asset lists; Create a threats list; System scans, network assessments, interviews; IT Security Needs Assessment with executive meeting; Developing a response plan; Implement network access controls; Implement intrusion prevention; Implement access management; Implement backups; email protection and filtering; prevention of physical intrusions.

Description:  Problem:  IT security is not a static state. The ever-changing IT infrastructure landscape requires a review of IT security measures from time to time to be able to maintain it. The first step is to establish baselines of IT security, against which we’ll measure the actual situation. An IT security audit is a systematic measurable technical assessment of the entire IT infrastructure.

Benefits:  We’ll get a clear picture of potential IT security threats and an action plan to address the issues. Assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems.

Value Statements:  Critical Information inside our IT systems is secure and managed properly across the organization.


  • IT Security Needs Assessment (OCIO proprietary assessment).
  • OCIO Cybersecurity Checklist (e-book, FREE).
  • *Email us if you would like a copy of these template (s).

That’s is it!  That is what a vCIO does.  Have a tech-stress free day from Outsourced CIO LLC, where we demystify technology for growing businesses.

*Extra resource reinforcing the topic area is below.  Disclaimer, resources/links are not necessarily endorsing the products, goods, and services of the author and should not be construed as an Official OCIO endorsement of said resource/vendor.