Many counties across the U.S. are taking advantage of no-cost help in advancing the protection of their information technology assets. There are many programs and non-profit organizations funded under the Department of Homeland Security that support all public agencies. Two such organizations (which are actually connected together) are the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Center for Internet Security (CIS).
MS-ISAC provides its public agency members (membership is free) a plethora of free services that support and help elevate their security programs and help protect counties data and technology assets. They offer 24 by 7 incident response management, daily and weekly cyber advisories, malicious IP and URL listings, security resources, publications and white papers, and a multitude of other free services.
One such service is the Nationwide Cyber Security Review (NCSR). The NCSR is essentially a self-audit using the NIST Cyber Security Framework 'sub-categories' (there are about 110 of them) as a check list against your security program. Going through each sub-category and rating it against the level of implementation within your county results in having a plethora of reports and analysis. One such report determines where your program is compared to from a suggested baseline in each category. Another report shows how cyber security maturity in your county stacks up against all counties in the U.S. (those who had taken the Review). By the way, your Review is totally anonymous to everyone but yourself!
Throughout the review process, you have links to just about every rule, regulation, best practices available that can serve as instant references. This includes all of NIST, COBIT, ISO, SANS and HIPAA, HITECH, DHS, and continues on in a very comprehensive database. These reference tools can be utilized through the NCSR and on an on-going basis throughout the year. This makes the NCSR as important in usefulness as the Review results itself!
The whole of the U.S. participants (States, State Agencies, Counties, Cities, Territorial, and Tribal) results get summarized into a comprehensive NCSR Report for the U.S. Congress. How exciting is it to be a part of that?
Registration for the NCSR (http://msisac.cisecurity.org/resources/ncsr/registration/index.cfm) is through September and the actual review process begins on October 1st and continues through the month of October.
Gary Coverdale is the CISO for Napa County, California. He is a member of the Executive Committee for MS-ISAC. Gary also serves on the DHS Critical Infrastructure Protection Council. He continues to support the cybersecurity community on various Governing Bodies, Advisory Boards, and speaking engagements in the National cybersecurity space.
Multi-State Information Sharing and Analysis Center (MS-ISAC)