INSTITUTING A CYBERSECURITY PROGRAM FOR A LEADING MSP

grey building with windows and complex infrastructure

A Managed Services Provider (MSP) had grown to servicing enterprise clients who had security and privacy compliance audits of their vendors, including Framework’s client, the MSP. They needed  a new policy that would improve incident response, security awareness, and end-point protection. Framework tackled this problem by instituting a cybersecurity program in line with the latest technologies and tactical policies.

CHALLENGE

  • Multiple customer audits overwhelming management staff
  • A need to greatly improve response time to satisfy their customer’s demand
  •   A desire for operational excellence and the latest technology
  •   Improve incident response, security awareness, and end-point protection

Opportunity

  •   Determine the best foundational security framework that would satisfy all their requirements
  •   Leverage a cloud based GRC application to easily respond and manage assessments/compliance.
  •   Become a champion to customers because they make security a priority.
  •   Utilize domain expertise when prioritizing investments to drive continuous improvement around their security posture

Approach

  • Implement Framework’s first of three phrased solution
  • The “Investigate” phase was comprehensive but required only a small amount of time from our client’s resources. 
  • A quick questionnaire, a few interview style discussions to dig in to the details with an overview description of their existing boundary defense and vulnerability management toolset.
  • The customer delivered all their existing policies and procedures and prior audit reports.
  • Evidence was imported into the CyberStrong platform for analysis and controls were rated.
  • Using CIS 20 allowed them to get a base foundation that can be leveraged for PCI/ISO/HIPPA in the future as needed by mapping the controls and minor changes.

Results

  • Management was able to focus on the business/service delivery, instead of dealing with requests from auditors.
  • Framework was able to find several quick wins that fit client’s budget to accelerate their security program.
  • Framework provided a new flexible and modern cybersecurity program including an InfoSec Policy and Procedure package.