Security Framework in Action – The Best Way to Work with an MSSP


Security frameworks are essential in helping security professionals determine the most effective security program for their organizations, including how they leverage the security services of vendors and Managed Security Service Providers (MSSPs). Frameworks help practitioners identify and implement controls, as well as provide a “tick the box” tracking mechanism for the items an organization identifies that it needs to strengthen its security posture.

Common security frameworks
Security frameworks help manage cybersecurity risks, and you may be familiar with several:

  • The NIST Framework organizes the basic cybersecurity functions: Identify, Protect, Detect, Respond, and Recover. A profile makes it possible to align the functions, categories and subcategories associated with each cybersecurity function. Implementation levels allow organizations to explore risk management practices.
  • The CIS presents 18 controls, including “inventory and control of company assets” and “data protection”. The data protection overview reads as follows: Develop processes and technical controls to identify, classify, manage, retain and securely dispose of data.
  • PCI DSS exists to protect credit cardholder data with 12 prescriptive requirements, including “install and maintain a firewall configuration to protect cardholder data” and “protect stored cardholder data”.

What is missing?

While these frameworks cover discrete components, they are missing two important elements:

  1. Customization based on specific client goals, existing technology and services, and industry needs
  2. Continuous improvement of a security program over time

These items have traditionally been approached by the organization itself (as opposed to a vendor or MSSP) as a do-it-yourself effort.

The ideal framework allows for configuration to suit your industry, technology, infrastructure, people, expertise, and other variables. Your expectations, requirements, threat landscape, risk profile, and security maturity goals are very important to security outcomes. You should also be able to emphasize or de-emphasize certain elements of the framework depending on the current state of your organization, your goals, and your industry.

Security framework in action
The security framework in action is interactive and customizable. It’s built on a consultative model, so it adapts to your organization. The framework consists of eight steps and offers the best approach for working with an MSSP to achieve better security and business outcomes.

  1. Discover: This step is about a comprehensive discovery and onboarding process that captures all relevant business goals, risk factors, and security goals.
  2. Focus: This step enables you to apply findings and prioritize threats and mitigation efforts.
  3. Prepare: This is the time for collaboration on architecture and solution designs, as well as the creation of a security runbook.
  4. Monitor / Manage: This step is centered on the monitoring and proactive management of your IT environment 24 hours a day, 7 days a week, 365 days a year, in close collaboration with an MSSP.
  5. Alert: Communication is essential in this part of the process, which includes alerts on potential security threats and information on what to do next.
  6. Contain: When a threat is identified, you work with experts such as your Security Implementation Team (SIT), Security Operations Center (SOC), and Network Operations Center (NOC) to contain the threat before it causes more damage.
  7. Mitigate: Mitigate the threat with proactive 24/7 response management, getting you back to business as usual as quickly as possible.
  8. Maintain / Evolve: Evaluate and continuously improve your security posture.

Look for an MSSP that offers these eight steps to improve both day-to-day operations and your cyber resilience. These steps also facilitate the balance between human intelligence, technology, and processes that your organization needs.

The Security in Action Framework – The Best Way to Work with an MSSP post appeared first on Nuspire.

*** This is a Nuspire Security Bloggers Network syndicated blog written by the Nuspire team. Read the original post at: https://www.nuspire.com/blog/security-in-action-framework-the-best-way-to-work-with-an-mssp/