Cyber security as a managed service

The increase in cyber attacks and the insidious attacks from smart applications and viruses means that your business is constantly under attack from cyber space.   The problem arises when that attack actually penetrates your defences.   When that happens then you have a very good chance of losing customers, losing revenue, losing credibility, getting hammered in the press and the very real chance of being damaged to the extent of not being able to recover and having to close the doors.   On top of that there is always the very real threat that a penetration could do serious damage to hardware and software as well.

To a small and medium business and not for profit organisation this is a real problem, with failures in Sony, City Bank and RSI in the last year how are you to protect yourself.   These large corporations has the ability to throw lots of money, the technical expertise and in house resources at the problem and the cyber criminal still get in.   What hope has a small and medium business have to protect themselves.

What are the business drivers for a complete security managed services system? 

Quite often a business looks at cyber security and the business strategy from different directions.   Business strategy and cyber security have to be aligned to protect the organisation and the information within.  The protection of the organisation comes down to being able to align the goals and opportunities with the direction of the business.   To do this, both areas have to have an understanding of what needs to be protected, at what level and how restrictive.

The wider business community within the business needs to understand why the organisation is putting the rules in place, what they are protecting and the consequences of not following those rules.   Furthermore, when implemented, cyber security system are often dispa? and disconnected which increases the chance of those system being inefficient.   This creates further problems for the organisation by not knowing what security to invest in, what system will return the best ROI and what information needs the best protection.

What should a managed security system deliver to your business?

The principles of a managed service provider is to deliver specific resources to its client.  In normal MSP’s this is management and monitoring of critical infrastructure, the technical support of the business through help desk services, on and off site technical support and a reporting feature that business decisions can be based on.   A more Indepth MSP will also deliver high end advise and recommendations that will improve your business.

A security MSP is focused on putting the correct systems and resources in place to protect their clients business.   They usually have businessmsecurityncredentials that are focussed on business as well as technology.  This could be combined with some of the roles that a normal MSP manages.

A security MSP focuses on a complete security view of the business.   It also delivers decision making support for management and risk management against cyber threats.   This is all aligned with the business direction and strategy.

In most businesses the security of the information is usually based on fire fighting, putting out the spot fires, this does not allow a business to lean back and take stock of the situation and implement a holistic outlook for their protection.   An Security MSP allows a business to focus on their strengths and allow someone else to manage and implement their weaknesses.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.