Mission Critical Partners’ Post

At Mission Critical Partners we have significant invested in expanding our Cybersecurity services as requested by our client base. Our clients desire(d) to have independent Cybersecurity services (strategy, assessments, pen-testing, training, third party risk management (TPRM), monitoring, etc.) in order to algin to the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) 800-53 guidelines. As the attached article outlines, last year 48 states participated in the nationwide cybersecurity review (NCSR), which ranks governments on a scale from 1 to 7. Twenty-two achieved a score of 5 or higher. Getting such a score reflects that states have documented policies and procedures and are in the process of aligning them with a formal security framework. States scoring below 5 might not yet have a formal cybersecurity policy in place or may still be working on documenting standards and procedures that support the policy. Local governments averaged just above 4 on the scale. These respondents included counties and cities, as well as K-12 public school districts, local police, public utilities and others. About 1,248 out of 3,122 participating local government entities (or 40 percent) hit the recommended score of 5 or more. A significant portion of other respondents appeared either to not conduct cybersecurity activities or do so with “informal, ad hoc processes.” In general, state, local, tribal and territorial participants showed strengths in identity management and access control, restricting access to facilities and assets to only authorized users or devices. Many were also prepared to respond to contain a cyber incident and limit its impact. Participants also commonly had some level of continuous security monitoring in place. But governments overall showed weaknesses when it came to having more advanced threat detection capabilities. Many lacked a formal strategy for assessing risks. They didn’t always analyze cyber incidents after they occurred, which would allow them to learn and then update their strategies, policies or procedures. And many in the government sector didn’t formally review and update their disaster recovery plans. MCP welcomes to help your organization better strategize how best to approach the threat risk(s) tied to Cybersecurity incidents (pre and post event). Please contact us for more information. John R Cagle (Rich) Brian Melcer, ENP Mariam Ballow Morgan Sava Jason Scharfspitz Sid McConahy Kevin Bresnahan John Chiaramonte Joan Dashner David Niekrasz Patrick Duffy Steve Badgio Christopher Kelly, ENP Scott Neal, ENP Robert (Bob) Kaelin Chuck Collins Heather L. Pettit