This article covers revision 2 of 'Improving Cybersecurity of Managed Service Providers', renamed MSP Cybersecurity Jumpstart.
Instead of copying the text from the first article, you can follow this link. It describes the process of creating the original template and shows the progress between the first and second revisions. The text below would be a continuation of that article.
Make Me One With Everything
A little over seven months ago, I presented a topic at Schnizzfest that gained a lot of steam in recent months. The topic of cybersecurity for Managed Service Providers was popping up everywhere from news websites to social media. The topic of my presentation centered on the vulnerabilities of MSPs and why they are the target of malicious attacks. I introduced a template called Improving Cybersecurity for Managed Service Providers designed to get MSPs started on their own cybersecurity program.
The template was different from other templates available in myITprocess and was unique to the goals of MSP security.
- 65 questions derived from the NIST Cybersecurity Framework.
- Trimmed from the original 112 sub-categories included in the CSF for ease of implementation.
- Requirements were translated into more reasonable language for MSPs to understand.
- The How To field would eventually contain information on how to meet the requirements, but in the first release, it only mapped relevant CIS Control 7.1.
Change Comes From Within
Template revision 1 intended to get the ball rolling. There was not a lot of information in the How To section for MSPs to “get going” without much research of their own. I was relying on existing experience and real-world scenarios for MSPs to “take it from here.” The idea is that this template provides a level of utility for our members. The How To field was quite barren and lacking diversity except for mappings to CIS Controls 7.1. Time for an update!
With recent world events and overnight changes to our workflow, I figured it was time to revisit this topic and update the template for our members. More businesses shifted to work from home than we ever thought possible and with that, focused more on the need for cybersecurity. That said, I made some drastic changes to the template for revision 2 to help members stay on track with their own cybersecurity program.
- Changed template name to ‘MSP Cybersecurity Jumpstart’ to differentiate it from other industry best practices.
- Retooled the questions to align with CIS Controls 7.1 Implementation Group 1 to assist with easing into the program.
- How Tos map to relevant NIST CSF subcategories and provide other informational sources.
- Reduced the question count from 65 to 41.
Add Template from myITemplates
You can drag and drop the new template from myITemplates by navigating to your Standards Library > Add new Template > myITemplates.
Creating a Review
Creating a review for your initial or ongoing assessment is no different than a standard onsite assessment. Rather than reinvent the wheel, the links below will forward you to articles already written on certain topics.
Once a new review has been created, you can proceed to answer questions as Yes or No like any other review. At the end of the vCIO portion, you can generate a report to present to your organization’s decision-maker.
Learn more about the CIS Controls 7.1 Implementation Groups
NIST Cybersecurity Framework 1.1