NYS Cybersecurity Assistance Program 2020 Details
"Learn about the New York State 2020 Cybersecurity Assistance Program, its objectives, tasks, and partners. Discover how the program assists defense companies with cybersecurity needs and regulations, including webinars, workshops, and financial resources."
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
NEW YORK STATE 2020 CYBERSECURITY ASSISTANCE Program Details
Cory Albrecht Advanced Institute for Manufacturing Director calbrecht@mvcc.edu https://www.aim-mep.org/
What is NYS Cybersecurity Assistance? A grant awarded to Mohawk Valley Community College 3 Main Tasks of This Grant: The task I objective is to establish a marketing and outreach plan with ESD which includes leveraging regional assets across the state and coordinating outreach to maximize the potential company assistance. A minimum of five webinars to introduce the program; highlight DFARs requirements and provide other pertinent information.
What is NYS Cybersecurity Assistance? contd The task II objective, is to plan and execute webinars and workshops for New York State defense companies to introduce the assistance program and answer questions regarding cybersecurity needs and regulations. These webinars and workshops will train companies to perform a NIST SP 800-171 self-assessment and determine if they need additional resources to help perform the assessment and potential remediations. At the end of the webinars and workshops the trainees will have the option to take a self-assessment. A minimum of 250 DoD companies will be engaged through workshops and webinars. The task III objective, is to assist companies that don t have the financial resources or the staff available to perform assessments. Follow on implementation projects will be on an as needed basis, determined by the assessment and if the company is ready to take on such tasks at the time. At least 67 defense related companies will be assisted with assessments. Companies receiving assistance should be from as many different regions within New York State as possible.
Partners Empire State Development Mohawk Valley Community College - Advanced Institute for Manufacturing FuzeHub Twinstate Technologies MTEC
Everton H. Henriques NY MEP Solutions Director everton@fuzehub.com www.fuzehub.com
Concept of Cohort What Does A Cohort Consist of: Manufacturers in the DoD Supply Chain No Cost Membership 320 Manufacturers Memberships Available Access to Resources Statewide DoD Networking Opportunities
NYS DoD Manufacturers Cohort The program consists of the following benefits: Membership in a NYS DoD Manufacturers Cohort Conduct a 5-Part Webinar Series on Cybersecurity Presentation of an interactive 9 session training course that can be taken online at your own pace to prepare manufacturers to meet the NIST 800-171 requirements Completion Certification Offers financial assistance for manufacturers with financial and staff restraints to conduct assessments of DoD compliance Objectives by April 2021 Enroll 320 DoD Supply Chain manufacturers in the cohort and have them complete the online training Conduct 67 physical assessments awarding up to $6,000 to each company awarded.
Online Self-paced On-Demand Interactive Course SECURITY REQUIREMENT FAMILIES Access Control Media Protection Awareness and Training Personnel Security Audit and Accountability Physical Protection Configuration Management Risk Assessment Identification and Authentication Security Assessment Incident Response System and Communications Protection Maintenance System and Information Integrity Nine modules in the online Teachable platform covering the security families as described by NIST SP 800-171 Learning assessment after each module Certificate at conclusion of final module
5-part Webinar Series 22 September 2020Intro to Cyber -Proactive vs. Reactive 27 October 2020Industry -CMMC Levels 1-5 -DFARS and DoD Contracts 24 November 2020Enemies and -Cyber Espionage -The Price of Cyber Warfare 15 December 2020The Threat At -Accidental Damage 26 January 2021General Advice -Employee Handbook Review -Account Protection Security Standards and Requirements Attacks Home and Pointers -New York State 2020 Cybersecurity Assistance- Self Assessment Training Cohort and Grant -Device Placement -New York State 2020 Cybersecurity Assistance- Self Assessment Training Cohort and Grant -NIST 800-171 -New York State 2020 Cybersecurity Assistance- Self Assessment Training Cohort and Grant -Opposing Governments -NYS 2020 Cybersecurity Assistance Self- Assessment Training Cohort and Grant -What is Cybersecurity -Myths and Misconceptions -New York State 2020 Cybersecurity Assistance- Self Assessment Training Cohort and Grant -Internal Attacks -Corporate Battles Paul LaPorte, MTEC, Twinstate Tech Cory Albrecht, Everton Henriques, Paul LaPorte New York State Resource Partners Jake Mihevc, Cybersecurity Director MVCC Cory Albrecht, Everton Henriques, Paul LaPorte
Paul LaPorte Coordinator of Cybersecurity plaporte@mvcc.edu https://www.aim-mep.org/
What is Cybersecurity? Definition: Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.
What is Cybersecurity? Cybersecurity is the body of technologies, processes and practices
What is Cybersecurity? Cybersecurity is the body of technologies, processes and practices Designed to protect networks, computers, programs and data
What is Cybersecurity? Cybersecurity is the body of technologies, processes and practices Designed to protect networks, computers, programs and data From attack, damage or unauthorized access
What is Cybersecurity? Cybersecurity is the body of technologies, processes and practices Designed to protect networks, computers, programs and data From attack, damage or unauthorized access In a computing context, security includes both cybersecurity and physical security.
Myths and Misconceptions Myth 1: I m too small to be attacked.
Myths and Misconceptions Myth 1: I m too small to be attacked. Reality: Small and medium manufacturers are one of the most popular targets for attackers in the US because of reduced concern for cybersecurity.
Myths and Misconceptions Myth 1: I m too small to be attacked. Misconception: Security Through Obscurity The idea that you are safe because you are not well known . Ignores the fact that attacks can come from competitors, current/former employees, local attackers with possible agendas.
Myths and Misconceptions Myth 2: Cybersecurity is too expensive
Myths and Misconceptions Myth 2: Cybersecurity is too expensive Reality: There are many things you can do to improve your cybersecurity foundation that cost nothing and can be done with a minimal time investment.
Myths and Misconceptions Myth 2: Cybersecurity is too expensive Misconception: Completion Paralysis The idea that if all cybersecurity problems cannot be solved at once, nothing can be done or should be done until they can.
Myths and Misconceptions Myth 2: Cybersecurity is too expensive Perform risk assessment to identify current issues Improve security for current systems and devices Develop companies policies for handling information Train employees on how to handle data safely Start to plan potential investments you ll need to make in the future
Myths and Misconceptions Myth 3: I ll just buy insurance instead.
Myths and Misconceptions Myth 3: I ll just buy insurance instead. Reality: While cybersecurity insurance can be helpful in recovering from an attack, it does not help repair the elements of an attack that cause most businesses to collapse.
Myths and Misconceptions Myth 3: I ll just buy insurance instead. Misconception: Reactive Response Dedicating the majority of cybersecurity resources to recovering from an attack in the event one happens rather than on preventing the attack from happening in the first place.
Myths and Misconceptions Myth 3: I ll just buy insurance instead. The greatest damage that a cybersecurity attack causes is not to any devices or information, but to the reputation of a company. If trust is lost from key clients and they are unable to gain new business, it will be extremely difficult to survive the event.
Myths and Misconceptions Myth 3: I ll just buy insurance instead. Sixty percent of small businesses that are the victim of a cyber attack go out of business within six months. Companies must adapt a proactive mindset rather than a reactive one. Doing all they can to prevent the attack from happening in the first place and damaging their reputation.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. Reality: Protecting information is the responsibility of every single person that handles that information.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. Misconception: Technological Reliance Believing that cybersecurity is solely a technological issue, and that understanding it is out of the reach of anyone who isn t dedicated to information technology.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. Strong cybersecurity also means protecting yourself physically as well. If an attacker can physically touch the device they re trying to gain access to, their likelihood of success increases dramatically.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. Insure devices are stored in a secure location Make sure all entryways into the building are locked and/or monitored at all times Have separate entries for non-employees that requires them to log their visit
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. Attackers will attempt to exploit the weakest area of any given target. This is very commonly the staff that is handling the information if they are not properly trained.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. All the cutting edge technology in the world will not protect your company if the people with access to your information can be tricked into giving it away.
Myths and Misconceptions Myth 4: I ll let my IT staff handle it. Promote cybersecurity awareness via employee training Conduct regular meetings to clarify confusion or introduce new ideas Encourage communication and early response Make sure employees aren t afraid to admit mistakes
Links and Information Webinar series registration: https://newyorkmep.org/cybersecurity-webinar-registration Cohort registration: https://newyorkmep.org/cohort-apply
