Security and Compliance Weekly Subscribe

CISA Guidance for MSPs and SMBs, Part 1 – Chris Loehr – SCW #95

November 16, 2021

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers’ networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business.

Segment Resources:

https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf

Full episode and show notes

Announcements

In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Chris Loehr

Chris Loehr

EVP, CTO at Solis Security

Chris currently serves as Executive Vice President and CTO of CFC Response/Solis Security, a division of CFC Underwriting, overseeing the day-to-day operations of the firm’s Incident Response and Proactive Cybersecurity teams. Chris has spearheaded numerous improvement and optimization efforts for CFC Response. Chris is passionate about assisting small and medium-sized organizations through difficult cyber-attacks. He takes the approach that the response efforts are more than technical. They require an incident response firm that can understand the business and respond to ensure the business’s needs are met and the business is restored as quickly as possible.

Hosts

Jeff Man

Jeff Man

Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems

https://www.obsglobal.com/

Fredrick "Flee" Lee

Fredrick "Flee" Lee

CSO at Gusto

http://gusto.com/

Kat Valentine

Kat Valentine

Compliance Free Agent (Consultant) at Osmosis Security

https://www.osmosissecurity.com/

Liam Downward

Liam Downward

CEO at CYRISMA

https://www.cyrisma.com/

Related

Managed services

Removing the B.S. from Third-Party Risk Assessments – Merike Kaeo – CFH #21

May 16, 2023

Risk assessment questionnaires are a standard practice when evaluating current or prospective third-party partners. And yet some folks may justifiably ask: How valuable are these questionnaires if there are no consequences for fudging your answers, or even outright lying? This session will examine common weaknesses and oversights in the third-party...

From Nothing to Something: Overcoming Hurdles – Larry Whiteside Jr – CSP #118

April 18, 2023

Everyone has a struggle or hurdle they will face. Your outcome is largely determined by your approach. Does this mean you will get OVER every hurdle? No. But sometimes, you can go around it or under it and still reach your final destination.

Managed services

The Rise of RegOps: The Need for Compliance Automation – Travis Howerton – ESW #313

April 13, 2023

Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly...