Cybersecurity Support
Check out all the FREE services and resources offered through CISA’s Support in Wisconsin!
Thanks to our partners from the Office of School Safety, WiRSA was able to connect with Wisconsin’s CISA (Cybersecurity & Infrastructure Security Agency) Services.
If you would like to have a personal conversation about these services, please contact:
Daniel Honore
Cybersecurity Advisor, Region 5 (WI)
Cybersecurity and Infrastructure Security Agency
(414) 573-0899 | daniel.honore@cisa.dhs.gov
Book time to meet with Daniel Honore: 30 minutes | 1 hour | 90 minutes
Wisconsin-based CISA Partners:
CSC Bill Nash | 608.590.7105 | willam.nash@cisa.dhs.gov
PSA David Melby | 608.405.2931 | david.melby@cisa.dhs.gov
PSA John E. Busch | 414.369.8540 | john.busch@hq.dhs.gov
CISA - SERVICES and RESOURCES
Vulnerability Scanning Service (formerly Cyber Hygiene (CyHy)) – The VSS service assesses the health of your internet-accessible assets by executing non-credentialed scans of public, static IPs, checking for known vulnerabilities, weak configurations or configuration errors, and suboptimal security practices. To sign up for this service, send an email to vulnerability@cisa.dhs.gov stating that you would like to sign up for VSS, and include the entity name, POC name, POC email address, POC phone number, and mailing address.
https://www.cisa.gov/cyber-hygiene-services
———————————————————————————————————————————-
Known Exploited Vulnerabilities (KEV) Catalog – Authoritative source of vulnerabilities that have been exploited in the wild. By emphasizing remediation of vulnerabilities that are being actively used by adversaries, you can significantly drive down the risk of a damaging compromise. Subscribe to the KEV catalog updates!
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
———————————————————————————————————————————-
Alerts – Sign up to receive automatic e-mail updates from CISA to keep up with breaking news and information about our various topic areas.
https://www.cisa.gov/news-events (direct link to subscribe: https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?qsp=CODE_RED)
———————————————————————————————————————————
Resources, tools, and services – A very long list of free resources (not all are from CISA).
https://www.cisa.gov/resources-tools/services
CISA Tabletop Exercise Packages (CTEPs) – A comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Partners can use CTEPs to initiate discussions within their organizations about their ability to address a variety of threat scenarios.
https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages
———————————————————————————————————————————-
ASSESSMENTS: (1 day or less)
Cyber Security Evaluation Tool (CSET) – Provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices.
https://www.cisa.gov/downloading-and-installing-cset
———————————————————————————————————————————-
Cross-Sector Cybersecurity Performance Goals (CPG) – A common set of protections to implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. Consists of 38 questions.
https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#Overview
———————————————————————————————————————————-
Ransomware Readiness Assessment (RRA) – Understand your cybersecurity posture and assess how well your organization is equipped to defend and recover from a ransomware incident. Consists of 48 questions.
Cyber Resilience Review (CRR) – Interview-based assessment to evaluate an organization’s operational resilience and cybersecurity practices. Consists of 299 questions with an additional 68 sub-questions for a total of 367 questions.
https://www.cisa.gov/resources-tools/services/cyber-resilience-review-crr
———————————————————————————————————————————-
ASSESSMENTS: (Multi-day/week)
Remote Penetration Test (RPT) – CISA’s Remote Penetration Test (RPT) utilizes a dedicated remote team to identify and assess vulnerabilities. The RPT team works with the stakeholder to test internet exposure to eliminate exploitable pathways. RPTs focus only on externally accessible systems.
See attachment for more information.
———————————————————————————————————————————-
Risk and Vulnerability Assessment (RVA) – RVA is a one-on-one engagement with stakeholders. RVAs combine open-source national threat and vulnerability information with data that the CISA RVA team collects through remote and onsite stakeholder assessment activities. The team uses this combined information collection to provide the customer with an actionable risk analysis report containing remediation recommendations prioritized by severity and risk.
https://www.cisa.gov/sites/default/files/publications/VM_Assessments_Fact_Sheet_RVA_508C.pdf
———————————————————————————————————————————
Validated Architecture Design Review (VADR) – CISA's Validated Architecture Design Review (VADR) is an assessment based on federal and industry standards, guidelines, and best practices. The VADR service provides an in-depth analysis of infrastructure.
See attachment for more information.