A Managed Services Provider (MSP) had grown to servicing enterprise clients who had security and privacy compliance audits of their vendors, including Framework’s client, the MSP. They needed a new policy that would improve incident response, security awareness, and end-point protection. Framework tackled this problem by instituting a cybersecurity program in line with the latest technologies and tactical policies.
INSTITUTING A CYBERSECURITY PROGRAM FOR A LEADING MSP
- Multiple customer audits overwhelming management staff
- A need to greatly improve response time to satisfy their customer’s demand
- A desire for operational excellence and the latest technology
- Improve incident response, security awareness, and end-point protection
- Determine the best foundational security framework that would satisfy all their requirements
- Leverage a cloud based GRC application to easily respond and manage assessments/compliance.
- Become a champion to customers because they make security a priority.
- Utilize domain expertise when prioritizing investments to drive continuous improvement around their security posture
- Implement Framework’s first of three phrased solution
- The “Investigate” phase was comprehensive but required only a small amount of time from our client’s resources.
- A quick questionnaire, a few interview style discussions to dig in to the details with an overview description of their existing boundary defense and vulnerability management toolset.
- The customer delivered all their existing policies and procedures and prior audit reports.
- Evidence was imported into the CyberStrong platform for analysis and controls were rated.
- Using CIS 20 allowed them to get a base foundation that can be leveraged for PCI/ISO/HIPPA in the future as needed by mapping the controls and minor changes.
- Management was able to focus on the business/service delivery, instead of dealing with requests from auditors.
- Framework was able to find several quick wins that fit client’s budget to accelerate their security program.
- Framework provided a new flexible and modern cybersecurity program including an InfoSec Policy and Procedure package.