Overview

In addition to its incident response services, the Cyber Incident Response Team (CIRT) offers several programs designed to improve an organization’s cybersecurity posture. These programs are outlined below and are available at no cost to local governments, non-Executive State agencies, and public authorities.


Capability Workshops

The Cyber Capability Workshop Program is designed for organizations that want to bring together their non-technical and technical leadership for a full day to help leaders understand how their role within the organization is important in protecting against cyber threat actors. During Cyber Capability Workshops, participants conduct a quick capability assessment of their organization on 11 dimensions (cyber governance and decision making, cyber and procurement, cyber culture and communication, cyber training, roles and responsibilities, data management and classification, legal risk, cyber policies, general cyber readiness, Incident Response Plans, and general technology readiness) and then discuss how to increase capabilities in all of the dimensions. After the workshop, an activity report is issued that leaders can use to guide future discussions and investments.


Cybersecurity Risk Assessment (Full)

The Full Cybersecurity Risk Assessment Program is geared towards larger organizations, as this assessment can take several weeks from start to finish. It includes three phases: 1) an edge assessment, 2) an internal vulnerability assessment, and 3) a security program posture assessment. The final report from the assessment consolidates vast amounts of threat and vulnerability information into a handful of action-oriented, prioritized findings for information technology (IT), business, and leadership teams to remediate. The engagements are protected pursuant to the federal Department of Homeland Security’s Protected Critical Infrastructure Information (PCII) program.


Cybersecurity Risk Assessment (Rapid)

The Rapid Cyber Risk Assessment Program is geared toward smaller organizations with fewer dedicated Information Technology and cybersecurity resources. In this program, DHSES CIRT assesses the cybersecurity hygiene of organizations over the course of two days using a maturity model focused on people, process, and technology. A final presentation and scoring of safeguards, which outlines gaps and provides suggestions about how to address them, is provided to the organization. The engagements are protected pursuant to the federal Department of Homeland Security’s Protected Critical Infrastructure Information (PCII) program.


Digital Forensics

CIRT can provide analysis of systems or digital artifacts related to an active incident to help determine the root cause and provide remediation guidance.  Incident-related artifacts can be collected in person by CIRT staff, or they can be shared through a secure portal.  CIRT uses industry standard tools and offers extensive forensics experience that many organizations may not have in house.  These free services are available for active incident response as well as proactive analysis of suspicious events.


Incident Response

CIRT can offer remote or on-site support to eligible organizations.  During a cyber incident, our experienced team will provide “in the moment,” incident-specific recommendations on containment, eradication, and recovery to reduce the impact of the disruption and help the organization to get back on its feet quickly.  CIRT will also provide post-incident security recommendations, which can help organizations build a more proactive cyber program going forward.


Penetration Testing

The Penetration Testing Program is geared towards larger organizations and designed to identify security flaws and vulnerabilities in a customer network by exploiting, pivoting, and chaining misconfigurations and/or vulnerabilities in the environment (attack paths). A pen test culminates in a final report that contains action-oriented, prioritized findings that will highlight the risk posed by any identified security flaws. Full attack paths will include steps to replicate as appropriate, so that your staff may test any corrective actions / mitigations that they apply as a result of the report.  The final report is protected pursuant to the federal Department of Homeland Security’s Protected Critical Infrastructure Information (PCII) program. 


Phishing Assessments

The Phishing Program simulates an organization-wide phishing attack to help assess the effectiveness of email security training.  Targeted training with a range of learning modules is offered at the conclusion of an assessment and/or through the use of in-the-moment training when users interact with the simulated phishing messages. At the conclusion of the engagement, DHSES CIRT will issue a report that shows how many users were deceived by the phishing emails, to what extent they interacted with the phishing emails, and how many users completed the training.


Shared Services Program

The NYS Cyber Shared Services Program is designed to enhance cyber maturity across New York State by providing critical tools, at no cost, to eligible local governments. Currently there are three shared service offerings:   

  • Endpoint Detection and Response (EDR), a tool that helps detect and remove malicious activity such as ransomware or other malware. Currently available to all counties, the five largest cities (outside NYC) and the two largest municipalities within each county.

  • Attack Surface Management (ASM), a tool that scans and identifies all internet-facing assets such as websites, domains, IPs, and certificates for potential vulnerabilities. Currently available to the five largest cities (outside NYC) and all counties.

  • Security Information and Event Management (SIEM), a tool that collects and analyzes data from across systems and networks to detect threats, generate alerts, and support faster incident response. Currently available to the five largest cities (outside NYC) and all NYS counties.

For more information about any of these services email [email protected]


Tabletop Exercises

The Cyber Tabletop Exercise Program is designed to walk key stakeholders through a three-hour customized mock incident and test the organization’s cyber incident response plan and preparations.  These exercises reflect the organization's unique structure and resources and can help drive improvements in existing plans and procedures.  The scenarios used in these exercises are based on real world incidents that have impacted government entities in New York State. The final report presents recommendations, strengths and weaknesses for the organization.


Request Services

CIRT personnel are available to assist eligible organizations with prioritization and planning activities to address vulnerabilities discovered by any of the services offered above. These services are available at no cost to local governments, non-Executive State agencies, and public authorities in New York.

This email is monitored during business hours.
