July 1, 2020
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released the second in a series of six Cyber Essentials Toolkits, with the latest focused on “Your Staff, The Users.” This aligns with the second of the six “Essential Elements” identified in the Cyber Essentials, which CISA published in November 2019. The second essential is “Develop Security Awareness and Vigilance,” and the toolkit lists actions for leaders and IT staff or service providers to achieve this task. “Leverage basic cybersecurity training” and “Maintain awareness of current events related to cybersecurity” are two of the actions. CISA provides descriptions of each of the actions and offers resources to assist with implementation.
May 29, 2020
As a follow-up to the November 2019 release of its Cyber Essentials, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) announced the release of the first in a series of six Cyber Essentials Toolkits. The Cyber Essentials identifies six “Essential Elements” for leaders and IT professionals to take to reduce cyber risk. The first toolkit addresses the first of the six: “Drive Cybersecurity Strategy, Investment and Culture.” It lists actions for leaders to achieve this tasks, two of which include “Determine how much of your organization’s operations are dependent on IT” and Build a network of trusted relationships for access to timely cyber threat information.” For the second action, CISA identifies Information Sharing and Analysis Centers (ISACs), which include WaterISAC, as one type of organization to have a relationship with to maintain situational awareness of cyber threats.
Each month going forward, CISA intends to release a new toolkit to correspond with each of the other elements.
November 6, 2019
On November 6, 2019, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) announced the release of its Cyber Essentials document, which contains a list of six actionable items for leaders and IT professionals to take to reduce cyber risk. These are:
- Drive cybersecurity strategy, investment, and culture;
- Develop heightened level of security awareness and vigilance;
- Protect critical assets and applications;
- Ensure only those who belong on your digital workplace have access;
- Make backups and avoid loss of info critical to operations; and
- Limit damage and restore normal operations quickly.
These actions are intended to be a starting point for anyone to understand and address cybersecurity risk as they do other risks. They were developed in collaboration with small businesses and state and local governments and aim to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.
“When it comes to collective defense, we are only as strong as our weakest link, which is why CISA is committed to raising the bar in cybersecurity across all companies and government, regardless of their size,” said CISA Director Christopher Krebs. “Cyber Essentials are designed for those small businesses and local governments who don’t have abundant resources – where the CEO is also the chief information officer, head of marketing and HR – who are looking for where to start. This is a set of cybersecurity practices that are easy to adopt and understand and together constitute ‘the basics.’”