Align with CISA Cybersecurity Strategy

Blog

Oct 03, 2023

Cybersecurity

Earlier this year the Cybersecurity and Infrastructure Agency (CISA), the U.S. government organization tasked with building a more secure and resilient infrastructure for the nation, released its strategic plan for 2024 through 2026. Considering that October is Cybersecurity Awareness Month, it’s worth revisiting the three overarching goals behind CISA’s plan:

Address immediate threats
Harden the terrain
Drive security at scale

Each goal has three underlying objectives:

Addressing immediate threats includes monitoring, mitigating and managing cybercrimes like ransomware, which analysts estimate causes trillions in economic damage annually.
Hardening terrain involves investigating past attacks, planning for future ones and investing in policies and procedures for doing so.
Driving security at scale means supporting a national ecosystem of solutions developers, technical experts and cybersecurity specialists enabled by technology and entrusted with accountability.

In the spirit of CISA’s plan, we encourage leaders of small to medium-size businesses (SMBs) to develop their own cybersecurity strategies for the coming years. We recommend starting with these five assessments:

Risk report – an executive-level summary with charts, graphs and a vulnerability “score”
Policy review – includes written documents pertaining to devices, passwords, breaches, remote work and other pivotal areas
Permission report by computer – a comprehensive list of every device sharing network resources
Permission report by user – a comprehensive list of every individual with credentials, including level of access
Compliance review – considers industry and regulatory requirements, identifies risks, gauges exposure and estimates potential fines

Get in touch if you’d like our help developing or refining your cybersecurity strategy.