Security in Action Framework: Determine if an MSSP is a good fit for you
Security frameworks such as the NIST Cybersecurity Framework, Center for Internet Security (CIS) Critical Security Controls or PCI DSS exist to help security professionals identify and implement controls. The frameworks also provide “check the box” tracking for elements an organization should consider in building its security program.
For example:
- The NIST Framework organizes basic cybersecurity functions: Identify, Protect, Detect, Respond and Recover. A profile helps to align the functions, categories and subcategories associated with each cybersecurity function. Implementation tiers allow organizations to explore risk management practices.
- The CIS presents 18 controls, including “inventory and control of enterprise assets” and “data protection.” The overview of data protection reads: Develop processes and technical controls to identify, classify, securely handle, retain and dispose of data.
- PCI DSS exists to protect credit cardholder data with 12 prescriptive requirements including “install and maintain a firewall configuration to protect cardholder data” and “protect stored cardholder data.”
Should you pay the ransom?
While the frameworks include discrete components, all lack two critical elements: (1) customization based on specific client goals, existing technology and services, and industry needs; and (2) continuous improvement of a security program over time. Interpretation and implementation are typically a “from-scratch” effort that is largely “do it yourself” (DIY).
An interactive and customizable framework
The ideal framework allows setup based on your industry, technology, infrastructure, staff, expertise and other variables. Your expectations, requirements, threat landscape, risk profile and security maturity goals matter a lot to security outcomes. And, you should be able to emphasize or de-emphasize certain framework elements depending on your organizational current state, goals and industry.
The Security in Action Framework is interactive and customizable. It’s built on a consultative model, so it fits your organization. Read on to learn about the eight steps of a Security in Action Framework — and the best approach to working with a managed security services provider (MSSP) to achieve better security and business outcomes.
The Security in Action Framework
Services and technologies evolve and so do frameworks. Security in Action reflects next-generation thinking about how to set up and manage your security program.
1. Discover
Thorough, complete discovery and onboarding may be the most important influence on outcomes. A consultative, collaborative process sets the stage for all that follows. Discovery is a great opportunity to be accurate and precise in capturing relevant business objectives, risk factors and security goals — and to clarify your threat landscape and implement the right controls and communications. Additionally, the process:
- Sets the tone and expectations for the service provider
- Helps you build a security program that combines what is known about your organization, such as goals and existing technology and services, with industry and cybersecurity intelligence
- Builds trust in data from many sources to create a safer environment with appropriate security controls
When the analytics data of global threat traffic is combined with threat modeling, you learn which threats are most relevant to your industry and which aspects of your security program to prioritize. Go further with your provider to customize your experience, including where you are in areas of control. Customization enhances your program:
- Select a persona and industry
- Specify your current technology, staff, domains, controls and more
- Select a goal that describes where you want to be in the future
The resulting roadmap shows where to spend your next dollar.
2. Focus
Apply discovery findings to prioritize threats and mitigation efforts based on greatest risk — a direct way to reduce overall organizational risk and pinpoint where to optimize your valuable resources. Gain greater clarity:
- Create a roadmap prioritized by findings for technology and services
- Receive recommendations from cybersecurity experts
- View, keep tabs on and manage your roadmap (and ultimately your entire security program)
3. Prepare
Maximize threat visibility, close high-risk gaps, eliminate overlaps and/or add required security controls:
- Collaborate on architecture and solution designs
- Create a security runbook in collaboration with a provider’s security implementation team (SIT), security operations center (SOC) and network operations center (NOC) teams to make sure you are on the same page with prioritization
- Customize your needed services and technology priorities
Phishing simulations & training
4. Monitor/manage
Monitor and proactively manage your IT environment 24x7x365 with the aid of MSSP resources such as SOCs and NOCs:
- Eliminate swiveling among multiple screens to get as close as you can to operating with a single point of view
- Acquire services that align to what you have already and where you need to be
- Keep track of your entire security program progress including tickets, potential threats, services and technology
5. Notify
Communicate based on the alerts and processes set up during onboarding:
- Reduce false positive alerts
- Receive threat alerts and detailed information about what to do next
- Receive instructions for further actions if they are required
6. Contain
Get the help you need to contain threats and mitigate potential damage:
- Receive assistance from dedicated experts such as a provider’s SIT, SOC and NOC resources
- Work with a certified security incident response team (SIRT) to expedite containment
- Minimize business disruption with automated response options
7. Mitigate
Experience proactive response management:
- Respond to threats 24x7x365
- Remove threats using manual or automated methods
- Return to steady state as quickly as possible
8. Maintain/evolve
Assess and improve your security posture continuously:
- Make decisions based on metrics and ongoing threat modeling
- Participate in regular security reviews
- Adjust your security program and controls to keep up with the changing threat landscape and business/industry requirements
Think cybersecurity bookends
All MSSPs should offer certain Security in Action steps: Discover, Focus, Prepare and Maintain/Evolve. Why? Because the initial steps start the “bookends” that cover proper customization and onboarding, setting you up for success with your managed security services. The Maintain/Evolve step closes the loop by supporting continuous improvement. Unfortunately, not all MSSPs think this way.
Most MSSPs cover the middle steps: Monitor/Manage, Notify, Contain and Mitigate. These are largely SOC-based services that can be outsourced either fully or partially. However, few providers think in terms of the best setup and outcomes at the beginning of and throughout the client lifecycle.
Phishing simulations & training
Achieve better security and business outcomes
The Security in Action Framework adds the crucial areas missing from other frameworks: customization and continuous improvement. All eight steps work together to improve both day-to-day operations and your cyber resilience (be ready for anything). Integrated steps also make it easier to balance the human intelligence, technology and processes your organization needs.
Efficient, effective managed security services are individualized for each organization and take into account industry-specific nuances. When you evaluate MSSPs, map their approach and capabilities to the Security in Action Framework. Then you can determine if a MSSP delivers the right service that allows your organization to improve security and business outcomes.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Security in Action Framework: Determine if an MSSP is a good fit for you
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization