CISA Releases First of Its Series of Six Cybersecurity Essentials Toolkits

• This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks, CISA’s toolkits will provide greater detail.

• Improve cybersecurity practices, the six cyber essentials toolkits will also include a list of actionable items for interested parties to take to reduce cybersecurity risks.

• Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit.

As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits. This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. CISA’s toolkits will provide greater detail, insight and resources on each of the Cyber Essentials’ six “Essential Elements” of a Culture of Cyber Readiness. Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit to correspond with each of the six “Essential Elements.” Toolkit 1 focuses on the role of leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment.

We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit, said CISA Director Christopher Krebs. “We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.” Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. Cyber Essentials includes two parts – guiding principles for leaders to develop a culture of security, and specific actions for leaders and their IT professionals to put that culture into action.

Read more: MICROSOFT: MASSIVE COVID-19 THEMED PHISHING CAMPAIGN UNDERWAY TO GAIN REMOTE ACCESS

We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit .

~ said CISA Director Christopher Krebs.

Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are: Drive cybersecurity strategy, investment, and culture; Develop heightened level of security awareness and vigilance; Protect critical assets and applications; Ensure only those who belong on your digital workplace have access; Make backups and avoid loss of info critical to operations; and Limit damage and restore normal operations quickly. Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.

We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.

This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies. In recognition of the importance of governance in addressing cyber risks, the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division and the National Association of State Chief Information Officers (NASCIO) partnered to develop a State Cybersecurity Governance Report and series of State Cybersecurity Governance Case Studies exploring how states govern cybersecurity.

The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness. This page will be updated as new Toolkit chapters are published. The report and case studies identify how states have used laws, policies, structures, and processes to help better govern cybersecurity as an enterprise-wide strategic issue across state governments and other public and private sector stakeholders. According to over 1,700 IT service providers, the lack of cybersecurity awareness amongst employees is a leading cause of a successful ransomware attack against an SMB.

Read more: COVID-19 PANDEMIC MOVES ORGANIZATIONS TO INCREASE CYBERSECURITY SPENDING