3. Security Portfolio and Baseline Security

Security Portfolio and Baseline Security

Working within the commercial side of Cyber Security we’re finding that those in the IT department are unfortunately being lumped with the Job of Security. Realistically Security should be a separate job, due to the time investment it takes on top of the “business as usual jobs”. However public opinion is “if it has a plug attached to it, it’s part of IT’s role”. This distinction should be made clear to your clients, or you should be charging more as you will need more employees to keep up with your clients demands, otherwise your Opex will increase and your profits will slim. If it’s not in their contract, then you shouldn't be delivering it.

They should be doing everything they can to benchmark their IT security,If they were compromised it will be their name in the papers not yours.

With baseline Security, A LOT ! are in the dark with what to do. Some don’t even see this as a problem yet. From our side we see it as a case of, “when” you get hacked, it’s not going to be “If” you get hacked anymore. We suggest 4 Pillars for security. Policy's | Testing | Cleansing | Preventing

A good place to start is to find out their security matrix (i.e. what is the risk of a hack to their business and what would the damages be ? From this you would move onto the next question "What policy's do they have in place for security, and are they the right policy's ?". If they're starting a fresh we'd suggest they hire one of our virtual CISOs/Security Managers to implement changes. For a SME with an average risk we would suggest Annual Pen tests of their infrastructure ( depending on how often they change it), followed by quarterly scans. Now that the Network has been tested to protect against external threats, it'd be useful to see if there are any dormant malware that is undetected.We'd suggest a Network Threat Assessment, this would monitor traffic and data on their network and would be manually combed through (you'd be surprised how many large enterprises we've found riddled with Malware). The last process would include prevention, so the likes of social engineering/phishing and even teaching developers how to code securely. From a commercial side, this is the baseline we are told to "sell" and educate our clients about.

But hey if the work gets too much for you, you can always chuck a few leads my way/partner with us haha

/r/msp Thread
Previous
Next

Recently removed from /r/msp

New MSP | Security Stack What brand of network equipment are you using these days? Simple Way to get Windows 10 Enterprise for a client-hosted VM? I'm shopping around all the major RMMs and concerned they all mis-state NIST and ISO27001 compliance. Rewst.io Founder of Datto shares thoughts on Kaseya What would be the best toolset, (PSA, RMM, Documentation, Security) Regarding Kaseya buying Datto Different Domain for remote tools/web applications Hobbyist MSPs MSP hack - just wow; its great until it isnt Sick of clients re-shopping my hardware quotes Can Azure beat private cloud hosting? Mental health of MSP owners and technicians We started poking at selling smart home automation. It's not as far from the MSP wheelhouse as you might think.

More Random Comments

Medical protocol for horse bites that break the skin? New a*hole gelding bit my face Putin’s alleged mistress has $100M, ‘Pandora Papers’ reveal Vs XIII obsession scrapbook - Still can't seem to let this one go Why I think US political parties have become so divided. What do you think? I'm about to sue my late-wife's family and it makes me sick [UPDATE] I don’t understand tipping culture in America. It's Time the ISU Issue a Vaccination Mandate and Make Full Vaccination Against COVID Required For All Participants of ISU Events (This Includes Skaters, Coaches, Judges, Family, Staff, Fans, etc.) Heion Sedai no Idaten-tachi - Episode 11 discussion - FINAL Can I have a quick profile Review ? Open Thread: Weekday Edition #41 (Oct 2021) Mushoku Tensei: Isekai Ittara Honki Dasu - Episode 12 discussion What is the Libertarian view on "socialism for the rich"? Weekly No Stupid Questions Thread How can I frame it to my psychiatrist that I'm coming off my lithium? Leaving TEFL with substantial money saved, but not much else.