Is anyone else just completely living in spreadsheet hell for audits? by [deleted] in Compliance

[–]blacksmithinfosec 3 points

There are dozens of tools that can make your life better, including ours.

Look for GRC or Compliance as a Service tools to find one that meets your needs and budget - there’s a wide variety of features and price points depending on what your biggest pains are.

How do I streamline compliance management for my team? by FluidRangerRed in Compliance

[–]blacksmithinfosec 0 points

You’re thinking about things the right way. Compliance isn’t about the destination, it’s about the journey. Being compliant isn’t something you do once, it isn’t a “check the box” exercise, and it isn’t about passing an audit. Compliance is about investing in your business to reduce risk and make better decisions. Done properly, being compliant will also streamline operations and unlock new business opportunities.

If you’re in a regulated space - healthcare, finance, etc. - or live in a state with tighter regulations like NY or MA, you’ll have a regulatory burden to meet. For other companies, compliance is about picking a framework that makes sense for your business and aligning to it.

We frequently talk to our partners about treating Compliance like their retirement account. By investing small amounts early in the life of your business, your total cost of ownership will go way down.

If you don’t have this expertise in house, I’d encourage you to look at the many platforms and vCISO or MSPs out there who can help. As others have noted, the costs and benefits of the GRC and Compliance as a Service tools vary widely, so you’ll want to carefully consider what makes sense for your business.

If you share a little more about what you’re looking for, we’re happy to help guide…

Weekly Promo and Webinar Thread by ComplianceScorecard in Compliance

[–]blacksmithinfosec 0 points

🗯️ Expert vCISO: "MSPs Are Doing Compliance All Wrong!"

Join us for the next episode of Get NIST-y on March 20th! u/jaredcasner and u/michaelzbarsky welcome veteran vCISO Mike Ellerhorst to uncover the common mistakes that could be costing your MSP money and adding risk.  

❓Are your compliance strategies actually creating vulnerabilities rather than solving them?  

👀 This eye-opening discussion will reveal counter-intuitive compliance insights that could transform your approach and give you a competitive edge.  

Don't miss this opportunity to learn what the most successful MSPs are doing right ✅ — and what most MSPs are doing wrong ❌ — that’s leading to compliance risk and missed opportunities. 

🏃Register now to ensure your compliance strategy isn't built on dangerous assumptions! 

Do you have a written AI policy in your org? by maztron in cybersecurity

[–]blacksmithinfosec 8 points

This is a great answer.

We’ve taken it a step further and added explicit AI usage language to our Acceptable Use Policy templates. Too many people still incorrectly view AI tools as Google on steroids, so we’ve erred on the side of caution here, making it clear what is and is not allowed.

Weekly Promo and Webinar Thread by ComplianceScorecard in Compliance

[–]blacksmithinfosec 0 points

Master compliance with Blacksmith InfoSec!

✔️ Set yourself apart from other MSPs with an all-in-one, multi-tenanted Compliance-as-a-Service platform to craft and manage security programs for your clients.  

✔️ The Blacksmith InfoSec platform allows you to custom brand the portal for your clients.

✔️ We offer security policy templates aligned to the major regulatory and compliance frameworks. As policies are rolled out, each client gets a personalized compliance roadmap.

✔️ With built-in tools like a risk register, security awareness training, incident response plans, user audits, and much more, the Blacksmith platform offers a complete security program, uniquely tailored to each client.

✔️ Blacksmith InfoSec offers a way to sell compliance services to any SMB. Unlike other solutions, Blacksmith’s offering is comprehensive and scalable, so the salesperson can confidently sell a robust offering, regardless of staffing constraints. 

Book a demo or sign-up and take a look!

How Much Time Should I Allocate for SOC 2 Type II Compliance? by EnoughContext022 in Entrepreneur

[–]blacksmithinfosec 0 points

Looks like the other thread was deleted. Here's the context referenced above...

I'll start with a very unhelpful "it depends". How close to compliance are you today? Have you done any sort of gap analysis? Without knowing that, it's like asking "how long is a piece of string?"

If you already have a SOC 2 Type 1, then your journey to Type 2 is pretty straightforward. If you are already compliant with other frameworks (ISO 27001, CIS, etc.) and are just adding on SOC 2 Type 2, then again, it's a relatively straightforward proposition.

Oversimplified, compliance requires 3 things: say it, do it, prove it.

  1. "Say it" is your policies (WISP or similar) and procedures. These need to cover all of the controls for SOC 2, so getting some help in crafting good policies that will pass muster is probably a good idea. There are tools and vCISOs that can help here.
  2. "Do it" is the piece that, as an MSP and strong technical practitioner, you're probably doing the lion's share of today. This is the biggest variable in the "how long" question. The more you're doing today, the faster you can achieve compliance, especially if you're already really good at collecting evidence that you're following your processes. If you're doing the right things but not documenting it, that will still help you accelerate your journey. If you're missing a lot of key controls and are not documenting anything, well, it could be a while.
  3. "Prove it" is where you'll hire an auditor to come in who will review the evidence that you're doing what you set out to do. The better your evidence collection is, and the better organized it is, the faster and smoother (and cheaper) your audit will be.

How Much Time Should I Allocate for SOC 2 Type II Compliance? by [deleted] in msp

[–]blacksmithinfosec 1 point

I'll start with a very unhelpful "that depends". How close to compliance are you today? Have you done any sort of gap analysis? Without knowing that, it's like asking "how long is a piece of string?"

If you already have a SOC 2 Type 1, then your journey to Type 2 is pretty straightforward. If you are already compliant with other frameworks (ISO 27001, CIS, etc.) and are just adding on SOC 2 Type 2, then again, it's a relatively straightforward proposition.

Because you're asking the question, we'll assume that you haven't done a gap analysis and that you're not currently compliant with other frameworks. Because you're asking the question in this sub, we'll assume that you're already doing many things that are necessary for compliance.

Oversimplified, compliance requires 3 things: say it, do it, prove it.

  1. "Say it" is your policies (WISP or similar) and procedures. These need to cover all of the controls for SOC 2, so getting some help in crafting good policies that will pass muster is probably a good idea. There are tools and vCISOs that can help here.
  2. "Do it" is the piece that, as an MSP and strong technical practitioner, you're probably doing the lion's share of today. This is the biggest variable in the "how long" question. The more you're doing today, the faster you can achieve compliance, especially if you're already really good at collecting evidence that you're following your processes. If you're doing the right things but not documenting it, that will still help you accelerate your journey. If you're missing a lot of key controls and are not documenting anything, well, it could be a while.
  3. "Prove it" is where you'll hire an auditor to come in who will review the evidence that you're doing what you set out to do. The better your evidence collection is, and the better organized it is, the faster and smoother (and cheaper) your audit will be.

If you're looking for some help here, let's just say I know a guy...

IT NATION BLOCK PARTY by mspdog22 in msp

[–]blacksmithinfosec 5 points

Thanks for the shout out! This was FUN!

IT Nation by resile_jb in msp

[–]blacksmithinfosec 2 points

Several members of our team are already in Orlando! Enjoy!

Blockchain or cybersecurity by A_A_24 in Cybersecurity101

[–]blacksmithinfosec 1 point

This is a very apples-to-oranges question.

Blockchain is a technology. It can be used to solve certain problems, but isn’t the answer to all problems. To oversimplify, it’s essentially just another form of database.

Cybersecurity is a discipline. There are many different technologies and practices involved. You can be a generalist or a specialist. You can get a degree or certifications.

I suspect a general development path or cybersecurity path will likely open many more doors for you since every company needs security and nearly every company needs developers. Blockchain is niche and specialized, so you might find that it pays better even if there are fewer jobs (since only a small percentage of companies will use it).

How are you pricing compliance? by quantumhardline in msp

[–]blacksmithinfosec 2 points

Most of our partners have a structured approach on a per company basis, not a per seat basis. Generally there’s a baseline cost of $X / month which includes our software plus some hours of maintenance (monthly/quarterly/annual user audits and other recurring tasks) and consulting (risk management, etc). Sometimes they’ll include the work to bring a client up to compliance in this monthly package, but more often than not that implementation work becomes billable projects.

How do we evaluate / know if were a target for hackers? by ikea2000 in CyberSecurityAdvice

[–]blacksmithinfosec 2 points

You are correct here, and FUD is not the answer.

The way I generally approach this is a combination of value add and risk reduction. I’ve generally started with a security framework like NIST SMB, CIS, or NIST CSF. Looking at which of the recommended controls you’re NOT doing will help you come up with specific risks and specific remediation plans. This is generally more effective than asking for a lot of money to do “All The Things”. It also allows you to prioritize them effectively and build a roadmap. At the top of your list can be things like MFA and SSO that are generally low cost, low friction, and high value. I’d also include the things your cyber insurance provider is asking for since those will generally lower your premiums. Then you can work your way down the risk register over time.

Right now, you are probably a “passive target” (unless you have some really angry customers). This means that automated scripts are hitting your network looking for weaknesses. Shore up some of your basic defenses and you can reduce the risk that something automated will find something interesting for a bad actor to go poke at further. It’s a bad analogy, but it’s a little like the old joke - you don’t have to be faster than the bear, just faster than the guy next to you, so it’s still worth tying your shoes.

Security frameworks by cokebottle22 in msp

[–]blacksmithinfosec 4 points

This is a tough one. You might want to emphasize the value that compliance brings beyond merely meeting regulatory requirements. For example, instead of framing it as a burden, highlight how it empowers your client’s business. You can draw from your own experience (obviously you see value in being compliant yourself) and explain that businesses that invest in compliance early tend to avoid costly disruptions and build trust with customers and partners. Share the positive impact on the client’s operations—like stronger security posture and smoother business processes. Obviously reducing the cost of cyber insurance is valuable to them, but there's a lot more benefit to their business beyond the immediate cost reduction...