The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness.
Chapter 1: Yourself, The Leader – Drive Cybersecurity Strategy, Investment, and Culture
This chapter focuses on providing leaders with an understanding of what it takes from the top to drive a culture of cyber readiness within their organizations. Topic areas include, leading investment in basic cybersecurity; determining how much of the business’ critical operations are dependent on IT; how to approach cyber as a business risk; leading the development of cybersecurity policies; and building networks of trusted sector partners and government agencies for information sharing.
Chapter 2: Your Staff – Develop Security Awareness and Vigilance
This chapter focuses on an organizational approach to cybersecurity by educating employees and providing training resources that encourage cyber awareness and vigilance. Topic areas include: leveraging basic cybersecurity training; developing a culture of awareness; learning about phishing and other risks; identifying available training resources; and maintaining awareness of current cyber events.
Chapter 3: Your Systems – Protect Critical Assets and Applications
This chapter focuses on an organizational approach to cybersecurity by securing network assets and information. Topic areas include: learning what is on your network; leveraging automatic updates; implementing secure configurations; removing unauthorized hardware and software; leveraging email and browser security setting; and creating approved software polices.
Chapter 4: Your Surroundings – The Digital Workplace
This chapter focuses on an organizational approach to cybersecurity by ensuring only those who belong on your digital workplace have access. Topic areas include: learning who is on your network; leveraging multi-factor authentication; granting appropriate access and admin permissions; leveraging unique passwords; and developing IT polices to address user statuses.
Chapter 5: Your Data – Make Backups and Avoid the Loss of Information Critical to Operations
This chapter focuses on providing leaders with an understanding of what it takes to ensure their organization’s data is secure and recoverable. Topic areas include: learning what information resides on the organization’s network; learning what is happing on the network; domain name system protection; learning how the organization’s data is protected; leveraging malware protection capabilities; establishing regular automated backups and redundancies of key systems; and leveraging protections for backups.
Chapter 6: Your Crisis Response – Limit Damage and Quicken Restoration of Normal Operations
This chapter focuses on responding to and recovering from a cyber attack. Topic areas include: developing an incident response plan and disaster recovery plan; using business impact assessments to prioritize resources and identify systems to be recovered; knowing who to call for help in the event of a cyber incident; developing an internal reporting structure to communicate to stakeholder.