Cybersecurity

What is Cybersecurity?

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

Why Cybersecurity matters.

There's been a lot of talk about Cybersecurity lately, from email hacks at the Pentagon to breaches at insurance carrier databases. Big corporations and the government aren't only at risk. Small and mid-sized businesses also must make data and network protection a top priority.

Scroll down for the playbooks

Cybersecurity Audit Playbook

Step 1. Make use of NIST CSF and CSET.

What is NIST CSF?

The NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high- level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. NIST.gov Framework Site.

What is CSET?

The Cyber Security Evaluation Tool (CSET) provides a systematic, disciplined, and repeatable approach for evaluating an organization's security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using many recognized government and industry standards and recommendations. Install CSET.

Step 2. Create a baseline of your network.

What is "Normal"?

"Normal" is understanding what your network is doing under normal conditions, expect to spend 2-4 weeks minimum to get that understanding.

Then we can start to ask :

  • What devices are on the network?
  • How many printers do we have?
  • Do we have any servers or services that we no longer use?
  • What versions of what is running where?
  • Are we expecting to see traffic to Microsoft or Apple.com?

What free tools can we use to start understanding "normal".

Greenbone - The leading open-source vulnerability scanner :
Greenbone's mission is to identify IT security vulnerabilities and weaknesses before they can be exploited. We can reduce the risk and impact of cyberattacks on companies, organizations, and workplaces by up to 99.9%. Greenbone

Security Onion - Network Security Monitoring :
Security Onion, a free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes best-of-breed free and open tools including Suricata, Zeek, the Elastic Stack and many others. Security Onion

Step 3. Baseline + CSET = A More Secure Network.

Using CSET we can now walk through each control and definitively answer each question with confidence. At the end of each module, you will be given a report outlining where improvements should be made to strengthen your cybersecurity posture.

No network is 100% hack proof. You should operate as if you are compromised. Keep using best practices like separate accounts for admin actions. Stay up to date on CVEs (Common Vulnerabilities and Exposures), keep your team accountable and update documentation.

Be sure to check out free services like CISA's Cyber Hygiene Services

Now you have the tools to be successful in creating a more secure network.

Incident Response Playbook

comming soon...

Penetration Testing Playbook

comming soon...

Employee Awareness Playbook

comming soon...

Let's partner up.

Let us handle your IT, you focus on growing your business.

  • Managed Data
  • Managed Networks
  • Proactive Support
  • Cybersecurity
Content Image

Top