Cybersecurity Risk Assessment and Mitigation: Difference between revisions

en>Ocadmin
No edit summary
 
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{ActionCluster
{{ActionCluster
|image=ActionClusterImage.png
|team=Cybertrust America, Global Cyber Alliance, (ISC)2 Silicon Valley Chapter, EP3 Foundation, Silicon Valley Cybersecurity Alliance, Sightline Security
|leader=Lan Jenson
|imagecaption=Protected data; Happier people in your Smart City and Community.
|municipalities=San Mateo CA, Orange County CA, San Jose CA
|status=Implemented
|website=https://drive.google.com/open?id=1CUHh-1IWhbLBrHDFak_LDMEUS3fmxyVZ Tech Jam Presentation]; [https://docs.google.com/document/d/1JR9nwfa6AShDtNaMNz-LVwOA52kZbXuA5n_QUZXOsNQ/ Project worksheet
|description=Empower municipalities with cybersecurity risk assessment methodology and resources to enable timely understanding of their risk levels and appropriate mitigation against cyberrisks.


| title              = Cyber Resilience Planning (formerly Cybersecurity Risk Assessment and Mitigation)
The risk assessment methodology is adapted from NIST Cybersecurity Framework with a Technical Risk Rating component and an Expert Assessment. The daunting resource shortage is addressed by a unique volunteer matching mechanism based on public-private partnerships.
 
|challenges=Municipalities are increasingly under attacks from cyberthreats from nation states and financially motivated criminals. Most of local government CIOs consider cybersecurity a top priority in 2018.   
| team              = Adaptable Security Corp, Global Cyber Alliance, (ISC)2 Silicon Valley Chapter, EP3 Foundation, Silicon Valley Cybersecurity Alliance, Sightline Security Corp
 
 
| leader            = Lan Jenson
| email              = lan@adaptablesecurity.org
| image              = ActionClusterImage.png
 
| imagecaption      = Protected data; Happier people in your Smart City and Community.
 
| municipalities    = San Mateo County, CA USA
<!--; Orange County, CA USA; San Jose, CA USA-->
 
| status            = Implemented
 
| website            = 
 
| download          = [https://drive.google.com/open?id=1CUHh-1IWhbLBrHDFak_LDMEUS3fmxyVZ Tech Jam Presentation]; [https://docs.google.com/document/d/1JR9nwfa6AShDtNaMNz-LVwOA52kZbXuA5n_QUZXOsNQ/ Project worksheet]
 
| description        = Empower municipalities with cybersecurity risk assessment methodology and resources to enable timely understanding of their risk levels and appropriate mitigation against cyberrisks.
 
 
 
The risk assessment methodology is adapted from NIST Cybersecurity Framework with a Technical Risk Rating component and an Expert Assessment. The daunting resource shortage is addressed by a unique volunteer matching mechanism based on public-private partnerships.  
 
 
 
| challenges         = Municipalities are increasingly under attacks from cyberthreats from nation states and financially motivated criminals. Most of local government CIOs consider cybersecurity a top priority in 2018.   


Municipalities are understaffed and often lack the required expertise to initiate a cohesive strategy, plan and mitigation against cyberthreats.
Municipalities are understaffed and often lack the required expertise to initiate a cohesive strategy, plan and mitigation against cyberthreats.
 
|solutions=The proposed solution addresses some of the biggest challenges by:
 
 
| solutions         = The proposed solution addresses some of the biggest challenges by:
 
* establishing a NIST-standard risk management methodology
* establishing a NIST-standard risk management methodology
* identifying funding models for public institutions applicable
* identifying funding models for public institutions applicable
* providing free security rating technology
* providing free security rating technology
* providing free technologies to defend against most common vulnerabilities (email-validating DMARC and privacy preserving and secure DNS solution)
* providing free technologies to defend against most common vulnerabilities (email-validating DMARC and privacy preserving and secure DNS solution)
* matching experts to implement solutions pro bono or at cost
* matching experts to implement solutions pro bono or at cost
 
|requirements=Develop and assemble project team (completed)
 
 
| requirements       = Develop and assemble project team (completed)


Create scope and requirements, project plan (completed)
Create scope and requirements, project plan (completed)
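Review bot: The `|website=` value near the top of this hunk has unbalanced external-link brackets: the first URL has no opening `[` even though `Tech Jam Presentation]` closes one, and the `[` opened before the second URL is never closed after `Project worksheet`. The `| download =` line in the same hunk carries the same two links with both bracket pairs intact; use that bracketed form so both links render as labelled links.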
Line 68: Line 38:


Identify and engage next project sites
Identify and engage next project sites
 
|kpi=Cybersecurity rating of a municipality (against baseline)
| kpi               = Cybersecurity rating of a municipality (against baseline)


Number of data breaches in public safety domains such as law enforcement, fire and emergency medical Services, schools, transportation
Number of data breaches in public safety domains such as law enforcement, fire and emergency medical Services, schools, transportation
 
|measurement=Measurement of cybersecurity ratings of included entities in a municipality, compared to baseline
 
 
| measurement       = Measurement of cybersecurity ratings of included entities in a municipality, compared to baseline


Measurement of data breach count over 6 months period, compared to baseline
Measurement of data breach count over 6 months period, compared to baseline
 
|standards=Uses the widely adopted NIST Cybersecurity Framework (NIST CSF)
 
|cybersecurity=The web based applications used to provide near real time cybersecurity ratings to member municipalities and to match volunteers with member municipalities will be secured using SSL Certificates employing Extended Validation.
 
|impacts=Reducing economic losses of governments and smaller businesses to cybercrime and fostering economic diversity of all businesses  
| standards         = Uses the widely adopted NIST Cybersecurity Framework (NIST CSF)
 
 
| replicability      = Standardized processes are not unique to city or region and can be replicated and scaled up in multiple cities/communities. The solution is planned to be replicated in 2 more cities in the US.
 
 
 
The system will have its own business model to create sustainable revenue stream.
 
| cybersecurity     = The web based applications used to provide near real time cybersecurity ratings to member municipalities and to match volunteers with member municipalities will be secured using SSL Certificates employing Extended Validation.
 
 
 
| impacts           = Reducing economic losses of governments and smaller businesses to cybercrime and fostering economic diversity of all businesses  


Improving quality of life for municipality officials and residents thanks to reduced cybercrime and privacy concerns
Improving quality of life for municipality officials and residents thanks to reduced cybercrime and privacy concerns


Fostering a culture of security by shrinking the skills gap in cybersecurity and privacy
Fostering a culture of security by shrinking the skills gap in cybersecurity and privacy
 
|demonstration=Web-based application to give technical cybersecurity ratings near real-time available in member municipalities;  
 
 
| demonstration     = Web-based application to give technical cybersecurity ratings near real-time available in member municipalities;  


Web-based platform to match volunteers with member municipalities real needs;  
Web-based platform to match volunteers with member municipalities real needs;  


Tried and proven risk assessment methodology and mitigation from pilot projects in member municipalities.
Tried and proven risk assessment methodology and mitigation from pilot projects in member municipalities.
|chapter=Cybersecurity and Privacy Risk Management
|supercluster=Cybersecurity and Privacy, Wireless
|year=2018
|title=Cyber Resilience Planning (formerly Cybersecurity Risk Assessment and Mitigation)
|email=lan@adaptablesecurity.org
|replicability=Standardized processes are not unique to city or region and can be replicated and scaled up in multiple cities/communities. The solution is planned to be replicated in 2 more cities in the US.






| supercluster      = Wireless
The system will have its own business model to create sustainable revenue stream.
 
| year              = 2018
 
}}
}}
[[Category:Cybersecurity and Privacy]]

Latest revision as of 22:32, January 24, 2023


Cybersecurity Risk Assessment and Mitigation
Protected data; Happier people in your Smart City and Community.
Team Organizations: Cybertrust America; Global Cyber Alliance; (ISC)2 Silicon Valley Chapter; EP3 Foundation; Silicon Valley Cybersecurity Alliance; Sightline Security
Team Leaders: Lan Jenson
Participating Municipalities: San Mateo CA; Orange County CA; San Jose CA
Status: Implemented
Document: None

Description

Empower municipalities with a cybersecurity risk assessment methodology and resources that enable a timely understanding of their risk levels and appropriate mitigation against cyber risks.

The risk assessment methodology is adapted from the NIST Cybersecurity Framework, with a Technical Risk Rating component and an Expert Assessment. The daunting resource shortage is addressed by a unique volunteer matching mechanism based on public-private partnerships.

Challenges

Municipalities are increasingly under attack from cyberthreats posed by nation states and financially motivated criminals. Most local government CIOs consider cybersecurity a top priority in 2018.

Municipalities are understaffed and often lack the required expertise to initiate a cohesive strategy, plan and mitigation against cyberthreats.

Solutions

The proposed solution addresses some of the biggest challenges by:

  • establishing a NIST-standard risk management methodology
  • identifying applicable funding models for public institutions
  • providing free security rating technology
  • providing free technologies to defend against the most common vulnerabilities (email-validating DMARC and a privacy-preserving, secure DNS solution)
  • matching experts to implement solutions pro bono or at cost

Major Requirements

Develop and assemble project team (completed)

Create scope and requirements, project plan (completed)

Develop system architecture (completed)

Create application development team (completed)

Identify a pilot program; design and roll out pilot (pilots identified)


Gain stakeholder support and buy-in from the community

Run pilot for three months

Summarize best practices and lessons learned and publish if applicable

Identify and engage next project sites

Performance Targets

Key Performance Indicators (KPIs)

  • Cybersecurity rating of a municipality (against baseline)
  • Number of data breaches in public safety domains such as law enforcement, fire and emergency medical services, schools, transportation

Measurement Methods

  • Measurement of cybersecurity ratings of included entities in a municipality, compared to baseline
  • Measurement of data breach count over a 6-month period, compared to baseline

Standards, Replicability, Scalability, and Sustainability

Uses the widely adopted NIST Cybersecurity Framework (NIST CSF)

Cybersecurity and Privacy

The web-based applications used to provide near-real-time cybersecurity ratings to member municipalities and to match volunteers with member municipalities will be secured using SSL certificates employing Extended Validation.

Impacts

Reducing economic losses of governments and smaller businesses to cybercrime and fostering economic diversity of all businesses

Improving quality of life for municipality officials and residents thanks to reduced cybercrime and privacy concerns

Fostering a culture of security by shrinking the skills gap in cybersecurity and privacy

Demonstration/Deployment

Web-based application giving near-real-time technical cybersecurity ratings, available in member municipalities;

Web-based platform to match volunteers with member municipalities' real needs;

Tried and proven risk assessment methodology and mitigation from pilot projects in member municipalities.