How To Present An MSSP To Chief Security Officer?
Introduction to the Security Officer
The term security officer usually refers to a person who has some kind of security involvement in an organization. He/she may have responsibility for security in his/her own area, or may simply be a user who needs to know something about it. In this article I will discuss the MSSP presentation from the perspective of the information security officer.
Most small and medium-sized business organizations have hired one or more full-time employees whose role includes information security. This person is often called a Chief Information Security Officer (CISO). If there is no CISO, then a part-time role can be created specifically for someone whose primary job function involves information technology and security. The position title might vary depending on your company’s naming conventions but could include VP & Chief Security Officer (CSO), Chief Information Security Officer (CISO), or Director/Manager.
In the past, these officers had to manage specific security technologies such as firewalls; today they have to manage more complex security architectures that include a large number of security components from different vendors. Many organizations hire consultants for short periods when big projects need to be implemented or when there are serious problems with their information security.
Some responsibilities typically assigned to a full-time information security officer:
• Ensure the organization develops and maintains a formal, comprehensive and rigorous risk management program designed to identify risks and vulnerabilities associated with computing and communications systems used by the organization;
• Develop, implement and maintain business continuity plans to ensure the organization can recover from serious incidents or disasters;
• Develop, implement and manage information security policies, standards and procedures designed to protect all systems used by the organization;
• Conduct regular risk assessments of technologies used by the organization to identify vulnerabilities and assess risks associated with them;
• Coordinate efforts among technology managers, operations managers and end-users in implementing information security initiatives;
• Develop information security awareness training programs for end users.
How To Present An MSSP To Chief Security Officer
When you are seeking an MSSP contract with your organization, you need to make sure that your information security officer is on board.
You need to convince him/her by showing how an external MSSP can help them do a better job of protecting the organization’s data and networks through specialized technology and expertise.
Keep the following aspects in mind before you present an MSSP to the CISO:
• Make a list of all the security services your organization needs.
• List the top 3 most important security services among them.
• Share information about the benefits of an MSSP with the CISO and how it can help resolve his/her issues.
• Present outsourcing as an option for solving his/her problems.
• Promote the concept of information security as a whole by working with an MSSP.
• Balance risk against cost.
• Keep in mind all his/her previous experiences and lessons learned, along with what he/she expects from you after this presentation.
MSSP Services For Chief Security Officer:
All major MSSP services are listed here for reference, but focus only on the ones your organization really needs right now, unless you have enough time to present everything or the CISO asks for it.
Monitoring Services: The following monitoring services are generally offered by an MSSP:
1) Security Event Monitoring: This service provides capabilities for logging security events, alerting on anomalies, reporting on status, searching logs by event ID, creating reports, etc.
2) Security DLP Monitoring: This service monitors DLP policies, which helps identify security-related data leakage scenarios across multiple endpoints and networks.
3) Network Traffic Monitoring: This service provides deep packet inspection (DPI), network traffic analysis, real-time alerting on login attempts, email alerts, etc.
4) Web Application Firewall Monitoring: This service hosts web application firewall (WAF) rules that proactively protect the web applications hosted in your cloud environment against common attack patterns such as SQL injection and XSS.
Bringing Outsourcing As An Option For Resolving Security Officer’s Issues
In most cases, when IT departments have spent years dealing with single points of failure, no redundancy, or, worse yet, the large amount of manual work required to answer basic requests from business units such as “can you change my password” or “can you increase monitoring on this service”, the idea of turning over some operational tasks to a third party will seem very attractive to them.
This is one of the most important aspects to cover in your presentation, because the CISO has probably gone through an exercise of outsourcing some IT responsibilities before, and it did not go well due to many small issues that were not covered during the RFP process, poor handover procedures, a lack of skill sets within the organization, etc.
Keeping that in mind, you need to convince him/her by showing how outsourcing can help them do a better job of protecting their organization’s data and networks through specialized technology and expertise.
Perks Of An External MSSP
• An external MSSP can proactively monitor your network and services 24×7 using specially designed security probes deployed in your production environment.
• SCADA scanning services offered by an external MSSP will help you stay ahead of attackers who are constantly looking for known vulnerabilities in the industrial protocols used in building automation or factory control systems.
• External MSSPs also provide proactive vulnerability assessment, penetration testing and web application scanning, which should make CISOs happy because these are real-time threat intelligence reports sent directly to their inboxes.
When presenting an external MSSP as a solution for the internal security officer’s problems, it is important to remember that CISOs are usually biased.
They have already done some research on this topic and most likely were not satisfied with the results, because outsourcing has a long history of being unsuccessful within the public sector, so they will be looking for reasons not to give you a contract.
To successfully convince him/her, you must focus on explaining how an external MSSP can actually help them do their job better by providing real-time threat intelligence, proactive vulnerability assessments and web application scanning.
You also need to present outsourcing to them as a genuine option rather than just another failed attempt at securing their organization’s data and networks, because they are unlikely to give you a chance if they think that you don’t know what you’re talking about.