CISA Releases First of Its Series of Six Cybersecurity Essentials Toolkits

CISA | June 02, 2020

  • This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks; CISA’s toolkits will provide greater detail.

  • To improve cybersecurity practices, the six Cyber Essentials toolkits will also include a list of actionable items for interested parties to take to reduce cybersecurity risks.

  • Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit.


As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits. This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. CISA’s toolkits will provide greater detail, insight and resources on each of the Cyber Essentials’ six “Essential Elements” of a Culture of Cyber Readiness. Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit to correspond with each of the six “Essential Elements.” Toolkit 1 focuses on the role of leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment.


“We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit,” said CISA Director Christopher Krebs. “We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. Cyber Essentials includes two parts – guiding principles for leaders to develop a culture of security, and specific actions for leaders and their IT professionals to put that culture into action.






Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are: Drive cybersecurity strategy, investment, and culture; Develop heightened level of security awareness and vigilance; Protect critical assets and applications; Ensure only those who belong on your digital workplace have access; Make backups and avoid loss of info critical to operations; and Limit damage and restore normal operations quickly. Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.



This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies. In recognition of the importance of governance in addressing cyber risks, the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division and the National Association of State Chief Information Officers (NASCIO) partnered to develop a State Cybersecurity Governance Report and series of State Cybersecurity Governance Case Studies exploring how states govern cybersecurity.


The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness. This page will be updated as new Toolkit chapters are published. The report and case studies identify how states have used laws, policies, structures, and processes to help better govern cybersecurity as an enterprise-wide strategic issue across state governments and other public and private sector stakeholders. According to over 1,700 IT service providers, the lack of cybersecurity awareness amongst employees is a leading cause of a successful ransomware attack against an SMB.




