In addition to its incident response services, the Cyber Incident Response Team (CIRT) offers several programs designed to improve an organization’s cybersecurity posture. These programs are outlined below and are available at no cost to local governments, non-Executive State agencies, and public authorities.
Cybersecurity Risk Assessments
The Cybersecurity Risk Assessment program is a joint effort between CIRT, OCT’s Critical Infrastructure (CI) Unit, and the Division of Military and Naval Affairs (DMNA). The risk assessment program provides actionable recommendations to improve cybersecurity posture. The final report from the assessment team consolidates vast amounts of threat and vulnerability information into a handful of action-oriented, prioritized findings for information technology (IT), business, and leadership teams to remediate. The final report is protected pursuant to the federal Department of Homeland Security’s Protected Critical Infrastructure Information (PCII) program. Cybersecurity Risk Assessments have three phases:
The assessment team examines the organization’s Internet-facing perimeter and evaluates it for weaknesses that could be exploited by an adversary. This examination enumerates all the ports and services available to the general Internet and cross-references those with known vulnerabilities. The assessment team also conducts open-source intelligence collection on the organization to identify publicly available, sensitive information that could be used by potential adversaries to initiate an attack. The team will look at job postings, the organization’s website, and whether organizational data has been captured in publicly disclosed breaches.
Internal Vulnerability Assessment
The assessment team changes focus, adopting the perspective of an internal attacker. During this phase, the layout of the organization’s internal network is evaluated, and a variety of industry-standard automated and manual tools are used to assess the configuration, patch status, and lifecycle status of servers, network devices, and workstations throughout the organization’s network.
Security Program Posture Assessment
The assessment team measures the organization's cybersecurity posture against the Center for Internet Security’s (CIS) Controls. This consists of interviews with appropriate staff members and a review of policy documents to determine whether cybersecurity controls are backed by policy, implemented, automated, enforced, and reported to management.
Immediately upon conclusion of the assessment, a preliminary review is provided to apprise the organization of significant findings. The team also provides the raw output of the scanning tools to the organization at this time. After this session, a comprehensive, peer-reviewed, PCII-protected report is drafted that provides a prioritized list of actions the organization may take to mitigate identified risks. The assessment team is available for follow-on discussions about the organization’s approach to remediation.
CIRT will provide a simulated phishing attack for eligible organizations to help them assess the effectiveness of their email security training. At the conclusion of a phishing engagement, targeted training can be provided through various learning modules, including modules that educate users on how to spot phishing messages. CIRT will then deliver a report showing how many users were deceived by the phishing emails, to what extent they interacted with the suspect emails, and how many completed the training. Upon request, the phishing assessments can include an additional simulated phishing attack after the training to measure its effectiveness.
CIRT will facilitate a three-hour tabletop exercise that will walk the organization through a mock incident and test its cyber incident response plans and preparations. These exercises are customized by CIRT staff to reflect the organization's unique structure and resources and can help drive improvements in existing plans and procedures. The scenarios used in these exercises are based on real-world incidents that have impacted government entities in New York State.
CIRT personnel are available to assist eligible organizations with prioritization and planning activities to address vulnerabilities discovered by any of the services offered above.
These services are available at no cost to local governments, non-Executive State agencies, and public authorities in New York.