INSTITUTING A CYBERSECURITY PROGRAM INSTITUTING A CYBERSECURITY PROGRAM FOR A LEADING MSP
A Managed Services Provider (MSP) had grown to servicing enterprise clients who had security and privacy compliance audits of their vendors, including Framework’s client, the MSP. They needed a new policy that would improve incident response, security awareness, and end-point protection. Framework tackled this problem by instituting a cybersecurity program in line with the latest technologies and tactical policies.
Multiple customer audits overwhelming management staff A need to greatly improve response time to satisfy their customer’s demand A desire for operational excellence and the latest technology Improve incident response, security awareness, and end-point protection Determine the best foundational security framework that would satisfy all their requirements Leverage a cloud based GRC application to easily respond and manage assessments/compliance. Become a champion to customers because they make security a priority. Utilize domain expertise when prioritizing investments to drive continuous improvement around their security posture Implement Framework’s first of three phrased solution The “Investigate” phase was comprehensive but required only a small amount of time from our client’s resources. A quick questionnaire, a few interview style discussions to dig in to the details with an overview description of their existing boundary defense and vulnerability management toolset. The customer delivered all their existing policies and procedures and prior audit reports. Evidence was imported into the CyberStrong platform for analysis and controls were rated. Using CIS 20 allowed them to get a base foundation that can be leveraged for PCI/ISO/HIPPA in the future as needed by mapping the controls and minor changes. Management was able to focus on the business/service delivery, instead of dealing with requests from auditors. Framework was able to find several quick wins that fit client’s budget to accelerate their security program. Framework provided a new flexible and modern cybersecurity program including an InfoSec Policy and Procedure package.