Cybersecurity 102

How to Use:

Cybersecurity 101

• Start with the Cybersecurity 101 sheet - this is the step-by-step outlined overview of how to get started with cybersecurity.

• Follow the checklist and roadmap and familiarize yourself with each of the resources linked within.

CIS Controls Framework Status Template

• This spreadsheet lists each of the CIS Controls and is formatted as a worksheet for you to indicate what you are doing and what your weaknesses are in each control. It is then used as a basis to create your Cybersecurity Controls Procedures manual.

• The Controls v8 tab of the sheet is your reference master list of the CIS Controls. Row groups have been added to help with viewing the structure.

• The Controls Worksheet tab of the sheet is your working copy of the controls that has been modified to help you respond to each control.

  • • By default, it is filtered to only show controls in Implementation Group 1

    • Use the row group controls at the left of the sheet to show and hide rows for each control

    • A checkbox has been added to Column F to indicate that you are done creating a procedure for the control

    • Columns have been added for "What We Do" and "Weaknesses"

• Once you are familiar with the CIS Controls, fill out the "What We Do" and "Weaknesses" columns

  • • The information you enter here will help you write your procedures manual below

    • Make sure you have left the spreadsheet filtered to only display Column J "IG1" controls

• When you have finished writing the procedures for a control (below), check the box in column F to mark it completed.

Cybersecurity Controls Procedures Template

• This template will become your Cybersecurity Controls Procedures manual. The template contains each of the CIS Controls as a section of the manual. You can then use the information you collected in the "What We Do" column of the spreadsheet above to outline your procedures. If you get a cybersecurity assessment, a significant portion of your score is based on whether or not you have a "policy" in place for each control. By filling out this template and creating your "procedures", you will receive a much higher S2Score on your assessment. This also will centralize your security-related procedures in one document that aligns with the CIS Controls.

  • • Find and Replace the string "ISDxxx Technology Department Procedures" with your school's name.

    • Paste the information from the "What We Do" column into the relevant section of the Cybersecurity Controls Procedures Template doc.

    • Using "What We Do" info you pasted as a guide, re-work the language so it is appropriate for your procedures manual.

    • Add links to your department's more detailed documentation as appropriate.

Results

• After doing the steps above, you will have completed the requirement of having "policies" in place for each of the CIS Controls. This will greatly improve your S2Score if you get a formal assessment.

• Once completed, review and share the Cybersecurity Controls Procedures Manual with your department.

• You can use the "Weaknesses" column to track items you need to work on from year to year.

Bonus Extra Cybersecurity Checklist

• This is a checklist that I use which includes a number of cybersecurity-related tasks that need to be done. It has 228 items that can be collapsed into 39 parent items using the row group controls at the left of the spreadsheet. You can track Status, Date Completed, Date Reviewed, Responsibility, links to documentation, and notes for each item.