Instituting a Cybersecurity Program

Instituting a cybersecurity program for a leading MSP

A Managed Services Provider (MSP) had grown to servicing enterprise clients who had security and privacy compliance audits of their vendors, including Framework’s client, the MSP. They needed a new policy that would improve incident response, security awareness, and end-point protection. Framework tackled this problem by instituting a cybersecurity program in line with the latest technologies and tactical policies.

Instituting a Cybersecurity Program


  • Multiple customer audits overwhelming management staff
  • A need to greatly improve response time to satisfy their customer’s demand
  • A desire for operational excellence and the latest technology
  • Improve incident response, security awareness, and end-point protection


  • Determine the best foundational security framework that would satisfy all their requirements
  • Leverage a cloud based GRC application to easily respond and manage assessments/compliance.
  • Become a champion to customers because they make security a priority.
  • Utilize domain expertise when prioritizing investments to drive continuous improvement around their security posture


  • Implement Framework’s first of three phrased solution
  • The “Investigate” phase was comprehensive but required only a small amount of time from our client’s resources.
  • A quick questionnaire, a few interview style discussions to dig in to the details with an overview description of their existing boundary defense and vulnerability management toolset.
  • The customer delivered all their existing policies and procedures and prior audit reports.
  • Evidence was imported into the CyberStrong platform for analysis and controls were rated.
  • Using CIS 20 allowed them to get a base foundation that can be leveraged for PCI/ISO/HIPPA in the future as needed by mapping the controls and minor changes.


  • Management was able to focus on the business/service delivery, instead of dealing with requests from auditors.
  • Framework was able to find several quick wins that fit client’s budget to accelerate their security program.
  • Framework provided a new flexible and modern cybersecurity program including an InfoSec Policy and Procedure package.