|
|
| (20 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| [[File:NSOC-2012.jpg|right|400px]]Many MSSP options exist for labs seeking MSS. (Appendix 2 of this guide provides a list of profiles for top MSSPs to consider.) In some cases, if the lab is already using a public or hybrid cloud provider, that provider may already offer MSS to its customers, providing a certain level of convenience and familiarity to the lab. (For example, both IBM and Cisco, which offer public and hybrid cloud services, are ranked among the top 30 MSSPs in several publications.<ref name="MSSPCyber20">{{cite web |url=https://www.msspalert.com/top250/list-2020/25/ |title=Top 250 MSSPs for 2020: Companies 10 to 01 |work=Top 250 MSSPs: Cybersecurity Company List and Research for 2020 |publisher=MSSP Alert |date=September 2020 |accessdate=21 August 2021}}</ref><ref name="MSSPCyber-30to21_20">{{cite web |url=https://www.msspalert.com/top250/list-2020/23/ |title=Top 250 MSSPs for 2020: Companies 30 to 21 |work=Top 250 MSSPs: Cybersecurity Company List and Research for 2020 |publisher=MSSP Alert |date=September 2020 |accessdate=21 August 2021}}</ref><ref name="STHTop15_21">{{cite web |url=https://www.softwaretestinghelp.com/managed-security-service-providers/ |title=Top 15 Best Managed Security Service Providers (MSSPs) In 2021 |publisher=Software Testing Help |date=30 April 2021 |accessdate=21 August 2021}}</ref><ref name="CDMMSSPs21">{{cite web |url=https://www.cyberdefensemagazine.com/top-100-managed-security-service-providers-mssps/ |title=Top 100 Managed Security Service Providers (MSSPs) |work=Cyber Defense Magazine |publisher=Cyber Defense Media Group |date=18 February 2021 |accessdate=21 August 2021}}</ref>) However, in some cases it may make sense for the lab to look beyond their cloud provider, particularly if their cloud provider doesn't supply MSS to its clients.
| | {{Saved book |
| | |title=Introduction to Quality and Quality Management Systems |
| | |subtitle= |
| | |cover-image=Time-Quality-Money.png |
| | |cover-color=#fffccc |
| | | setting-papersize = A4 |
| | | setting-showtoc = 1 |
| | | setting-columns = 1 |
| | }} |
|
| |
|
| As discussed prior, a knowledgeable and well-run MSSP can provide many benefits to the cloud-based lab, but what should stand out about the MSSP you select? When choosing a provider of comprehensive cloud-based MSS, you'll be looking for not only years of experience managing cloud installations, but also that the provider is able to<ref name="TrianzHowMana21">{{cite web |url=https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works |title=How Managed Cloud Security Works, and Why You Might Want It |publisher=Trianz |date=29 March 2021 |accessdate=21 August 2021}}</ref><ref name="RSIHowMuch20">{{cite web |url=https://blog.rsisecurity.com/how-much-does-managed-security-services-cost/ |title=How Much Does Managed Security Services Cost? |publisher=RSI Security |date=20 August 2020 |accessdate=21 August 2021}}</ref><ref name="Russell10Tips21">{{cite web |url=https://www.harmony-tech.com/10-tips-for-selecting-a-managed-security-services-provider-mssp/ |title=10 Tips for selecting a Managed Security Services Provider (MSSP) |author=Russell, J. |work=HarmonyTech Blog |date=10 January 2021 |accessdate=21 August 2021}}</ref><ref name="NTTHowToChoose16">{{cite web |url=https://www.nttsecurity.com/docs/librariesprovider3/resources/us_data_sheet_how_to_choose_an_mssp_uea_v1 |format=PDF |title=How to Choose an MSSP ||publisher=NTT Security |date=November 2016 |accessdate=21 August 2021}}</ref>:
| | ==''Introduction to Quality and Quality Management Systems''== |
| | {{ombox |
| | | type = content |
| | | style = width: 500px; |
| | | text = This book should not be considered complete until this message box has been removed. This is a work in progress. |
| | }} |
| | The goal of this short volume is to act as an introduction to the quality management system. It collects several articles related to quality, quality management, and associated systems. |
|
| |
|
| * demonstrate deep knowledge of cloud-agnostic, industry-relevant best practices and approaches to security frameworks and their implementation;
| | ;1. What is quality? |
| * demonstrate deep knowledge of regulatory mechanisms affecting your data and how to approach cloud security based upon those regulatory requirements;
| | :''Key terms'' |
| * describe what certifications, training, and continuing education requirements are met by staff;
| | :[[Quality (business)|Quality]] |
| * leverage existing and emerging cloud security tools (e.g., security information and event management [SIEM] software) for automating security processes in a scalable future-proof fashion;
| | :[[Quality assurance]] |
| * validate how their cloud security tools accomplish what they're intended to do, as well as how gathered information is analyzed both automatically and by the provider's analysts;
| | :[[Quality control]] |
| * demonstrate how their approaches to security management can fit into or further mold your current IT and risk management strategies;
| | :''The rest'' |
| * provide transparent pricing (e.g., is it tiered or bundled, based on number of users, something else) and make clear what the service covers;
| | :[[Data quality]] |
| * provide examples of existing and past customers willing to give feedback about their experience with the provider;
| | :[[Information quality]] |
| * provide a single point of contact to act as a security advocate to you during the entirety of your contract;
| | :[[Nonconformity (quality)|Nonconformity]] |
| * support not only open-source security management tools, but also be flexible enough to integrate your own proprietary solutions and their associated licenses into the managed service.
| | :[[Service quality]] |
| | ;2. Processes and improvement |
| | :[[Business process]] |
| | :[[Process capability]] |
| | :[[Risk management]] |
| | :[[Workflow]] |
| | ;3. Mechanisms for quality |
| | :[[Acceptance testing]] |
| | :[[Conformance testing]] |
| | :[[Clinical quality management system]] |
| | :[[Continual improvement process]] |
| | :[[Corrective and preventive action]] |
| | :[[Good manufacturing practice]] |
| | :[[Malcolm Baldrige National Quality Improvement Act of 1987]] |
| | :[[Quality management]] |
| | :[[Quality management system]] |
| | :[[Total quality management]] |
| | ;4. Quality standards |
| | :[[ISO 9000]] |
| | :[[ISO 13485]] |
| | :[[ISO 14000|ISO 14001]] |
| | :[[ISO 15189]] |
| | :[[ISO/IEC 17025]] |
| | :[[ISO/TS 16949]] |
| | ;5. Quality in software |
| | :[[Software quality]] |
| | :[[Software quality assurance]] |
| | :[[Software quality management]] |
|
| |
|
| Of course, cost will also be of concern. However, a blanket "how much does it cost" question isn't going to produce a simple answer; there will be many variables (e.g., business needs, current solutions, current IT staffing, regulatory requirements, etc.) within your organization that make it difficult for an MSSP to provide a canned response. They will need to respond to your lab’s needs, which may be different from another lab's.<ref name="DosalIsMan19">{{cite web |url=https://www.compuquip.com/blog/is-managed-security-worth-the-cost |title=Is Managed Security Worth the Cost? |author=Dosal, E. |work=Compuquip Blog |date=02 May 2019 |accessdate=21 August 2021}}</ref> Additionally, costs associated with MSS can vary, not only from provider to provider but also based upon each provider's pricing model. Will they charge your lab based upon number of users, number of devices, or some other mechanism? Does the MSSP provide a flat rate for protecting your cloud resources, or do they offer different tiers or bundles of services? And will the MSSP providing cloud-based MMS also manage your non-cloud resources? A "per user" or "per device" approach to pricing may make sense for small labs, but larger organizations may balk at such inflated costs, preferring a flat rate or tiered package of services. Those tiered services may be based on either a user number range or based on a set of offered services.<ref name="RSIHowMuch20" />
| | <!--Place all category tags here--> |
| | |
| Ultimately, before approaching an MSSP, your lab will have needed to go through multiple steps internally, stating IT goals, identifying technology and education gaps, and determining a budget to support those goals and gaps. If your lab doesn't have a clear picture of what it has, where it wants to be, and what it will need to get there, it will make selection process even more difficult. As such, your lab may want to consider the request for information (RFI) process as part of your selection process.
| |
| | |
| ==References==
| |
| {{Reflist|colwidth=30em}}
| |
