Using  Cybersecurity  to  Grow  Your  Managed  Services  Business    

•  I  enjoy  doing  a  good  job  for  my  customers  

•  I  want  their  systems  to  run  smoothly  

•  I  want  to  ensure  they  are  protected  

•  I  want  to  sleep  at  night  

•  I  want  to  grow  my  business      CompTIA  -­‐  Interna<onal  Trends  in  CyberSecurity  2016  PWC  -­‐  Global  State  of  Informa<on  Security  Survey  2016  Symantec  -­‐  2016  Internet  Security  Threat  Report  

Introduc<on  

• CompTIA  Resources  -­‐  Me  

• 3  Levels  of  Service  Offering  • Founda<onal  -­‐  Me  • Comprehensive  -­‐  Ken  • Advanced  –  Ken  

•  IT    Security  Community  –  ScoO  

• Security  Assessment  Wizard  -­‐  ScoO  

• Panel  Discussion  

Agenda  

   

CompTIA  Resources  

   

CompTIA  Resources  

   

CompTIA  Resources  

   

CompTIA  Resources  

CompTIA  Resources  

Using  Cyber  Security  to  Grow  Your  MSP  

Three  stages  

•  Data Backups •  Desktop Antivirus •  Email AV/AS •  Basic access control •  Software updates/patch

management •  Wireless control •  Physical access control

•  Gateway UTM •  Disaster recovery •  Remote access/VPN •  Basic awareness training •  Awareness/Education •  Verification of security testing •  Policy •  Wireless/BYOD •  Asset control •  System harderning

•  Governance/Compliance •  Incident response •  Monitoring/SIEM •  Pen Testing •  Risk Assessment •  WAP •  Other

Foundational Security Comprehensive Security Advanced Security

David Watson Ken Bagnall Ken Bagnall

https://www.comptia.org/resources/comptia-quick-start-guide-to-physical-security-uk

Copyright  (c)  2015  CompTIA  Proper<es,  LLC.    All  Rights  Reserved.    |    CompTIA.org

Comprehensive  Security  Comprehensive  security  is  the  next  step  to  provide  a  solid  all  around  protec<on  for  any  type  of  business.  This  is  not  ver<cal  or  customer  specific  focused,  but  is  a  comprehensive  checklist  of  what  can  be  used  across  the  board  for  any  type  of  business.  Addi<onal  layers,  procedures  and  technologies  would  be  required  for  a  complete  solu<on  in  some  specific  ver<cals  or  that  are  specific  to  some  businesses.    

10

Comprehensive  Security  Checklist BDR  solu<on Backup  and  disaster  recovery  technology  and  business  con<nuity  plan Gateway/Perimeter  UTM Complete  UTM  to  detect  and  prevent  threats Remote  access/VPN Avoid  port  forwarding  for  remote  access,  instead  use  VPN  access Awareness/Educa<on Simple  awareness  training  (don’t  trust/click/open)  Can  be  automated Verifica<on  of  security Test  current  security  setup.  Vulnerability  scans  in/out.  Review  logs/reports Policies Create  and  enforce  policies  such  as  password,  internet  usage,  access  to  

resources Wireless Usage  policy  and  BYOD  control Asset  control Catalog  all  sodware/hardware,  manage  updates  and  control System  hardening Disable  all  unused  sodware,  services  and  ports  on  all  systems.

Copyright  (c)  2015  CompTIA  Proper<es,  LLC.    All  Rights  Reserved.    |    CompTIA.org

Advanced  Security  You  may  wish  to  offer  addi<onal  security,  such  as  governance/compliance,  incident  response,  monitoring,  penetra<on  tes<ng  and  risk  assessment.    However,  these  tend  to  be  either    ver<cal  focused  or  service  orienta<on  focused,  which  means  it  might  make  more  sense  for  you  to  partner  with  a  provider  that  offer  these  type  of  advanced  services  instead  of  trying  to  build  them  yourself.  In  some  cases  you  may  even  want  to  outsource  some  of  the  comprehensive  items.  Regardless  of  how  you  offer  your  customers  security  whether  in  house  or  outsourced,  the  most  important  thing  is  that  every  business  has  comprehensive  protec<on.  

Beyond  Comprehensive  Security  Op@ons Governance/compliance Providing  PCI/HIPAA  or  other  consulta<on  to  cer<fy  compliance Incident  response Providing  remote  and/or  on  site  remedia<on  services  to  breaches Monitoring SIEM  log  correla<on  and  eyes  in  SOC  on  events Pen  Tes<ng Manual  penetra<on  tes<ng/audi<ng  of  network/systems Risk  assessment Full  audit  of  company  and  business  con<nuity,  providing  risk  analysis  and  plan

IT  Security  Community

Who  are  we?  •  The  CompTIA  IT  Security  is  

a  group  focused  on  the  changing  security  issues  of  today.  

Who  should  join?  •  Anyone  looking  to  stay  

current  with  the  ever-­‐changing  security  landscape.  

•  Join  the  community  •  Join  our  

CompTIA  IT  Security  LinkedIn  Group      

Complete  Ini@a@ves    

• Watch  Security  Tech  Tools  Videos  •  Take  a  look  at  the  Security  Research  Webinar  (on-­‐demand)  

•  Always  connected,  but  all  Wi-­‐Fi  is  not  GOOD  Wi-­‐Fi  Webinar  (on-­‐demand)  

•  Security  Code  of  Ethics  •  Security  Trustmark  +  •  Cybersecurity  Standard  •  Try  the  IT  Security  Assessment  Wizard    

CompTIA  Security  Assessment  Wizard

Our  Panel  

•  Ken  Bagnall,  Managing  Director,  The  Email  Laundry  

•  ScoD  Barlow,  Vice  President,  Global  MSP,  Sophos  

•  Terry  Galvin,  Owner,  Indigo  IT  

•  Moderator:  David  Watson,  Managing  Director,  Evolve  Computers  

•  14.15:  Internet  of  Things  in  Prac@ce:  End-­‐to-­‐End  Partner  Opportuni@es  •  Broadgate  2  

 

•  16.00:  Closing  Keynote:  Keep  on  Pushing  –  An  Olympic  Athlete’s  Message  of  Persistence  •  Broadgate  Suite  

•  17.00:  CompTIA  EMEA  Conference  Closing  Recep@on  •  Galleria  

Up  Next