AN MSPs GUIDE TO NIST COMPLIANCE
STEVE RUTKOVITZ, PRESIDENT & CEO
ABOUT STEVE RUTKOVITZ: For over 20 years, Steve owned and operated a very successful MSP business. With a clear understanding of the market needs, he developed an innovative IT and business process.
STEVE’S SKILLS: Security and Compliance • Risk Assessments • Educating Management
CHOICE CYBERSECURITY
Our process: Assess • Address • Maintain
Expertise • MRR • Suite of Products and Services
Having been in the MSP industry, we understand the marketplace and its needs.
Our proven three step process has helped MSPs improve client relationships and increase MRR.
With a robust suite of products and services, you can put your clients' security and compliance worries at ease.
With minimal changes to your current offerings, MSPs can increase revenue by at least 40%.
THE COMPLIANCE WEBINAR SERIES
Why Focus on Compliance? Each month, we will explore one compliance with regard to security and best practices. Our goal is to empower you to approach your customers in certain verticals with confidence.
A deeper understanding of a compliance offers:
● Subject matter expertise
● Trusted relationships
● Separation from the competition
● More opportunities for recurring revenue
OUR PROVEN PROCESS: A Structured Repeatable System
WHAT’S REQUIRED?
• Compliances
• Best Practices
• Self Assessments
Drivers: State Laws • Supply Chain • Compliance • Best Practices
WHAT’S AT RISK?
1 Confidential Client Data
2 Company Brand
3 Reputation
4 Fines
5 Breaches
6 Customer Contracts
7 Data Assets
8 Client Relationships
Federal Information Security Management Act (FISMA)
Structured framework to protect government information, operations and assets
9 Steps Towards Compliance:
1 | Categorize the information to be protected.
2 | Select minimum baseline controls.
3 | Refine controls using a risk assessment procedure.
4 | Document the controls in the system security plan.
5 | Implement security controls in appropriate information systems.
6 | Assess the effectiveness of the security controls once they have been implemented.
7 | Determine agency-level risk to the mission or business case.
8 | Authorize the information system for processing.
9 | Monitor the security controls on a continuous basis.
NIST STRUCTURED FRAMEWORK: The Fastest Growing US Compliance
GROWING MARKET
As of 2015, 30% of U.S. organizations use the NIST Cybersecurity Framework, and use is predicted to rise to 50% by 2020 according to Gartner research.
[Chart: Cybersecurity Framework Usage, percentage of U.S. organizations by year: 0% (2012), 30% (2015), 50% projected (2020)]
Who Needs NIST?
1 Government Contractors
2 Non Profits
3 State and Local Gov
4 Businesses
RISK ASSESSMENTS
• Build a Baseline
• Uncover Gaps and Risks
• Expose Vulnerabilities
• Analyze Layers of Defense
• Identify Sensitive Data
• Missing Controls and Policies
NIST Structured Framework: NIST 800-171 • NIST 800-53 • NIST Primary Controls
Developed by Department of Commerce
REPORT ON COMPLIANCE
SCANS
Types of Scans: 1 Active • 2 Passive • 3 PII • 4 Dark Web • 5 Data
360 degree clear view of network risk
PII SCAN EXAMPLE
VULNERABILITY SCAN COMPARISON
DATA AUDIT AND WORKFLOW MAP
• Industry is riddled with sensitive data that is not deleted but still needs to be protected
• Data flow analysis shows what you can’t see with a scan
  – Data workflow map follows the data at rest and in motion
Data covered: • Data at rest • Data in motion • Third party
RISK BASELINE
• Missing Controls
• Missing Policies
• Data Flow
• Scan Results
• Assets Baseline
• Financial Risk
BRING CLIENTS UP TO AN ACCEPTABLE LEVEL OF RISK
• Executive Summary
• Create New Projects
• Layers of Security 1.0 to 2.0
• Meet Client Compliances
• Best Practices
HOW TO SELL SECURITY: Grow Revenue • Reduce Risk • Increase Efficiency • Reduce Costs
CREATING NEW PROJECTS: SIEM • Encryption • Web Filtering • Mobile Device Management • Policy Development • Managed Firewall • Data Leak Prevention • Awareness Training • Remediation and Clean Up • Threat Detection • File Archiving
REPORT ON COMPLIANCE: Auditing & Logging 25 • Awareness Training 11 • Policy Development 150 • Encryption 32
MOST COMMON PROJECTS: Next Generation Firewall • PII Remediation & Cleanup • Auditing & Logging • Vulnerability Remediation • File Archiving • Web Filtering • Encryption • Mobile Device Management • Awareness Training • Policy Development
RECURRING REVENUE: Security as a Service • Vulnerability as a Service • Compliance as a Service • Dark Web & Credential Monitoring • Website Monitoring • Awareness Training • Risk Assessments
MAINTAIN AN ACCEPTABLE LEVEL OF RISK
• Monthly Recurring Revenue
• Continuous Alerting and Monitoring
• Comparison Reporting
RISK ASSESSMENT REFERRAL PARTNER: Creates New Projects • Leave the Work to Us • Generate MRR • Strategic Growth • No Learning Curve
PARTNER PROGRAM: Webinar Special!
• Live Training
• 6 Foundation Training Modules
• 500 scans (spans all clients)
• Co Branded Brochures
• Branded portal: 2 factor
• Branded reports
• $2,495 ($1,500 (500 x $3) for scans and $995 for branding, brochures and MSP Portal)
Regularly $5,100 minimum order for branded portal
NEXT STEPS
Contact Us: Discover how to grow your business
Choose One Client: Pick one client that needs Security and Compliance Services
Develop a Strategy: Create a strategy for approaching clients
Present Proposal: Provide your client with the Risk Assessment
Questions?
THANK YOU FOR ATTENDING
Connect with us: If you’re ready to expand your offerings and increase your monthly recurring revenue, let’s start with a conversation.
10055 Red Run Blvd, Suite 140, Owings Mills, MD 21117
+1 (410) 205-4980
info@choicecybersecurity.com
www.choicecybersecurity.com
President and CEO