CISA Releases First of Its Series of Six Cybersecurity Essentials Toolkits

CISA | June 02, 2020

  • This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks, CISA’s toolkits will provide greater detail.

  • Improve cybersecurity practices, the six cyber essentials toolkits will also include a list of actionable items for interested parties to take to reduce cybersecurity risks.

  • Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit.


As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits. This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. CISA’s toolkits will provide greater detail, insight and resources on each of the Cyber Essentials’ six “Essential Elements” of a Culture of Cyber Readiness. Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit to correspond with each of the six “Essential Elements.” Toolkit 1 focuses on the role of leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment.


We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit, said CISA Director Christopher Krebs. “We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.” Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. Cyber Essentials includes two parts – guiding principles for leaders to develop a culture of security, and specific actions for leaders and their IT professionals to put that culture into action.



Read more: MICROSOFT: MASSIVE COVID-19 THEMED PHISHING CAMPAIGN UNDERWAY TO GAIN REMOTE ACCESS

We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit .

~ said CISA Director Christopher Krebs.


Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are: Drive cybersecurity strategy, investment, and culture; Develop heightened level of security awareness and vigilance; Protect critical assets and applications; Ensure only those who belong on your digital workplace have access; Make backups and avoid loss of info critical to operations; and Limit damage and restore normal operations quickly. Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.

We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.


This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies. In recognition of the importance of governance in addressing cyber risks, the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division and the National Association of State Chief Information Officers (NASCIO) partnered to develop a State Cybersecurity Governance Report and series of State Cybersecurity Governance Case Studies exploring how states govern cybersecurity.


The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness. This page will be updated as new Toolkit chapters are published. The report and case studies identify how states have used laws, policies, structures, and processes to help better govern cybersecurity as an enterprise-wide strategic issue across state governments and other public and private sector stakeholders. According to over 1,700 IT service providers, the lack of cybersecurity awareness amongst employees is a leading cause of a successful ransomware attack against an SMB.


Read more: COVID-19 PANDEMIC MOVES ORGANIZATIONS TO INCREASE CYBERSECURITY SPENDING

Spotlight

Mobile adoption at work is mainstream. From the casual user who wants to check business email on their mobile phone, to the field technician who is carrying a mobile tablet to the customer site, the use cases addressed by mobile technologies are wide ranging. IDC predicts that 1 billion devices are coming to the work place between 2013-2017, presenting both a formidable challenge and a tremendous opportunity for businesses that want to benefit from mobility.

Spotlight

Mobile adoption at work is mainstream. From the casual user who wants to check business email on their mobile phone, to the field technician who is carrying a mobile tablet to the customer site, the use cases addressed by mobile technologies are wide ranging. IDC predicts that 1 billion devices are coming to the work place between 2013-2017, presenting both a formidable challenge and a tremendous opportunity for businesses that want to benefit from mobility.

Related News

PLATFORM SECURITY

Uptycs consolidates cloud security with CNAPP

Uptycs | June 07, 2022

Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint protection from a single solution, unveiled new capability to address critical cloud-native application protection platform (CNAPP) use cases today at the RSA Conference. In order to offer these functionalities, telemetry from the necessary attack surfaces is ingested into the Uptycs SQL-powered data lake for real-time and historical analysis. With a single data and control plane, this platform architecture allows enterprises to consolidate security tools as they progressively embrace cloud-native software development and operations. Gartner estimates that by 2025, 70% of enterprises will reduce the number of providers safeguarding the life cycle of cloud-native apps to no more than three. Gartner advises security and risk management executives implementing a consolidation approach as follows: "Evaluate security platforms where data and control planes are shared; use this consolidation to develop common rules and close gaps and vulnerabilities across legacy silos." "Security organizations face fast-changing threats while struggling to hire and retain technical talent. At the same time, organizations are accelerating digital transformation by adopting new cloud-native technologies and operations. Unlike other security vendors that take a portfolio approach—lightly integrating separately acquired products—Uptycs addresses these challenges by extending our SQL-powered analytics platform to cover key CNAPP use cases." Ganesh Pai, CEO and co-founder of Uptycs The Uptycs system generalizes telemetry at the collection point into SQL tables, allowing for real-time analysis and correlation as data flows into the cloud. This enables columnar compression as well as rapid query speeds over petabytes of data. According to Gartner: "Securing cloud-native applications offers enterprises the opportunity to redesign security approaches. Rather than treat development and runtime as separate problems—secured and scanned with a collection of separate tools—enterprises should treat security and compliance as a continuum across development and operations. They should look to consolidate tools into cloud-native application protection platforms where possible."

Read More

DATA SECURITY

Palo Alto Networks and Deloitte Deepen Strategic Alliance

Palo Alto Networks | May 17, 2022

Palo Alto Networks and Deloitte announced today the advancement of their existing strategic partnership to provide managed security services to their shared U.S. clients, making Palo Alto Networks' leading cybersecurity technology portfolio accessible in Deloitte's outcome-based, managed offerings. Many businesses are turning to managed security service providers (MSSPs) and managed detection and response (MDR) providers to run and elevate high-impact cyber defensive capabilities employing modern technologies that assist in handling continually developing cyberthreats. "Our customers are asking for managed secure access service edge (SASE), cloud, and threat detection and response capabilities. By offering our innovative security solutions portfolio as a managed service through Deloitte, we're providing newly extended support to customers who want their cyber programs to truly enable their critical business initiatives." Prem Iyer, vice president, Global Systems Integrator Ecosystems for Palo Alto Networks Kieran Norton, Deloitte Risk & Financial Advisory infrastructure solution leader and principal, Deloitte & Touche LLP said that "We're advising our clients every day on how cybersecurity can help empower their strategic business priorities but building it all in-house can be challenging and costly. Together with Palo Alto Networks, we are able to advise, equip and operate security capabilities for organizations as they work to manage cyber threats with agility and resilience." Deloitte Cyber and Palo Alto Networks first announced their strategic alliance in July 2021, with the goal of providing comprehensive cybersecurity solutions to shared customers. Managed services will feature expanded solutions such as: Deloitte and Palo Alto Networks help companies move to a Zero Trust framework by combining cyber technology platforms and professional services. Deloitte's Cloud Security solution includes the industry's most complete Cloud Native Security Platform, Palo Alto Networks Prisma® Cloud, and CortexXSOAR. Palo Alto Networks' Prisma Cloud and Prisma Cloud Compute are part of Deloitte's OpenCloud, which is the management plane for Deloitte's Cloud Management Platform. Presently, 5G-native security from Deloitte and Palo Alto Networks includes 5G security blueprints, data, control, and cellular signaling domain integration, and network protection.

Read More

PLATFORM SECURITY

Morganfranklin Launches Cybersecurity Innovation Center

Morganfranklin | June 14, 2022

MorganFranklin Consulting, a management consulting business located in Washington, DC, has opened a new cybersecurity innovation center (CIC). Customers will be able to obtain insight into how security technologies will perform in their environment and how cyberattacks will influence their systems thanks to the bespoke, interactive lab environment. “As ever-increasing and more sophisticated attacks combine with rapid digital transformation, cybersecurity preparation has never been more challenging or more important. The MorganFranklin Cybersecurity Innovation Center is a powerful new way to help our clients answer essential questions that improve their security operations, upskill their teams, and address their most pressing threats.” John Fung, a director in MorganFranklin’s cybersecurity operations practice area Clients can duplicate their live systems and troubleshoot countermeasures to the most recent attack vectors prior to deployment. Customers can also assess how different security products from different vendors perform alone and together in order to optimize program spending. The CIC will enable MorganFranklin to produce continual threat information and optimize its cybersecurity practices. The extended cybersecurity practice of the consultancy offers services in program planning, governance, risk, and compliance; identity and access management; cybersecurity operations; incident response; business and technology resilience; risk intelligence; and managed security. MorganFranklin offers accounting and risk advisory services, strategic transformation and program execution, supply chain and retail management, technological enablement, and cybersecurity consultancy. The company employs over 600 workers across eight locations in the United States.

Read More