2nd Edition

Tracking the trends and news for IT and IT Security

Paul Davis

5 Decisive Questions to Ask Your Managed Security Services Provider (MSSP)

5 Decisive Questions to Ask Your Managed Security Services Provider (MSSP)>
Social, Agile, and Transformation – Isaac Sacolick
As a digital transformation, product, technology, and data/AI leader, the author recognizes the importance of information security but does not consider it a top area of expertise
When it comes to prioritizing security risks, developing a roadmap, and overseeing security operations, the author seeks the help of Managed Security Services Providers (MSSPs) and virtual CISOs (vCISOs)
The author outlines five key questions to ask MSSPs to help clients understand risks and make better decisions when procuring security services:
1) What are they protecting, and what are some examples of successful remediations
The MSSP should be able to explain the problems they solve and share examples that illustrate the risks, benefits of their approaches, and proven results.
2) What steps must IT and the business take to deploy the solution
The MSSP should provide a templated playbook outlining who’s doing what and when, and to what extent they provide security training, tabletop exercises, and other executive/employee engagement services.
3) What are they not protecting, and what other solutions may be needed to address these risks
The MSSP should be transparent about their scope of services and advise on potential partners/solutions for services outside their scope.
4) What role does the MSSP play in incident management
The MSSP should demonstrate expertise, process, tools, communication practices, and partners in managing incidents such as ransomware, insider threats, and state-sponsored threats.
5) When the MSSP finds a material vulnerability, how is it remediated
The MSSP should recommend and oversee remediations, including automations to patch systems, with costs, scope of services, and target service levels specified
The author emphasizes the importance of having an expert team of guides with procedures, tools, and partners for best practices and protection in the ever-changing landscape of information security.
Link: https://blogs.starcio.com/2024/05/managed-security-services-provider-mssp.html

Categories:

Tags: