On Friday, May 29, the Cybersecurity and Infrastructure Security Agency (CISA) issued the first in a series of six Cyber Essentials Toolkits. These toolkits are described as “bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential,” focused on building a company’s cyber readiness.
The first of these elements, entitled “Essential Element: Yourself, the Leader,” is a short, two-page document packed with advice and links to additional resources. It lists four essential actions for leaders of organizations:
- Approach cyber as a business risk;
- Determine how much of your organization’s operations are dependent on IT;
- Lead investment in basic cybersecurity; and
- Build a network of trusted relationships for access to timely cyber threat information.
Added to these is a fifth essential action that leaders should discuss with IT Staff or Service Providers:
- Lead development of cybersecurity policies.
Each of these five essentials is accompanied by discussion, as well as descriptions of additional resources available on the topic and links to those resources. These include resources such as a document on “Questions Every CEO Should Ask About Cyber Risks,” the Cyber Readiness Institute and the National Cyber Security Alliance, and of course NIST, the National Institute of Standards and Technology.
Putting it Into Practice: For a two-page document, the first Cyber Essentials Toolkit is packed with useful information. Corporate leadership that fears they are not on top of their organization’s cybersecurity should review the document and its resources to launch an initiative to catch up. Those leaders who believe their cyber readiness is on par should review it to confirm they are doing things right and have not missed a key element for their program.