A little over seven months ago I presented a topic at our TruMethods event, Schnizzfest, that gained a lot of steam in recent months. The subject of cybersecurity for Managed Service Providers was popping up everywhere from news websites to social media.
The topic of my presentation centered on the vulnerabilities of MSPs and why they are the target of malicious attacks. I introduced a template called Improving Cybersecurity for Managed Service Providers designed to get MSPs started on their own cybersecurity program. Templates are part of the myITprocess Standards Library, a repository of compliance and best practices our members use to align their customer’s technology and strategy.
The template differed from other templates available in myITprocess and targeted the goals of MSP security.
- 56 questions derived from 112 NIST Cybersecurity Framework sub-categories.
- Clarified the requirement language from the original text.
- The How To field mapped to relevant CIS Controls 7.1.
Template revision 1 intended to get the ball rolling. There was not a lot of information in the How To section for MSPs to get started without much research of their own. I was relying on existing experience and real-world scenarios for MSPs to take the baton. The idea is that this template provides a level of utility for our members. The How To field was quite barren and lacking diversity except for mappings to CIS Controls 7.1. Time for an update!
Recent world events and overnight changes to our workflow called for a revisit and update to the template. More businesses shifted to work from home than we ever thought possible and focused more on the need for cybersecurity. I made some drastic changes to the template for revision 2 to help members stay on track with their own cybersecurity program.
- Changed template name to ‘MSP Cybersecurity Jumpstart’ to differentiate it from other industry best practices.
- Questions now align with CIS Controls 7.1 Implementation Group 1.
- How To field maps to relevant NIST CSF subcategories and provide other informational sources.
- Reduced the question count from 56 to 41.
TruMethods members can find the MSP Cybersecurity Jumpstart in their standards library under myITemplates. With the help of myITemplates, you can better tailor your assessments for clients based on their specific industry needs and requirements. Click here to read a more in-depth article on the template and its history.
As I mentioned before, the Jumpstart template is an evolving project, so look for changes over time. This project improves through user feedback and industry changes, meaning updates will occur once or twice per year.