County and City governments have a growing need for security services and It’s Just Results can provide a range of services to augment your current internal capabilities. It’s Just Results also understands that local governments are working in increasingly complex regulatory environments. Our approach to security is based on applying best practices and regulatory frameworks; such as the National Institute of Standards (NIST) Cyber Security Framework (CSF), the Center For Internet Security (CIS) 20 controls, and NIST SP 800-53.
When, not if, a security incident hits a county, city or township it can halt many services. Without these local services the public can’t make payments and businesses can’t do their jobs because information is not available to them such as house taxes used by realtors. Everything comes to a standstill and your I.T. staff is left scrambling trying to recover and get business back to normal.
In 2019 alone, there have been many incidents that have hit local governments. Baltimore city computers got hit with ransomware in May and was told to pay $76,000 or risk losing their data. In June several Florida cities paid hundreds of thousands of dollars to hackers to decrypt the files that they encrypted. Other states include Texas, Michigan, Ohio, New York and Georgia were hit with ransomware, this is just what we are seeing from larger local governments that are reporting, we are sure this is happening to smaller governments as well.
Our team of security advisors can help you by first working with you to administer a security assessment that will provide a clear picture of your current security efforts and provide a guide to develop priorities for what you should be doing next. We work collaboratively with leadership and your IT and security team and put together a roadmap for hardening your network and create plans that your local government can follow.
We will draw from a number of best practices and regulatory frameworks; such as the National Institute of Standards (NIST) Cyber Security Framework (CSF), the Center For Internet Security (CIS) 20 controls, and NIST SP 800-53, PCI, HIPPA, or LEIN.
Our services include testing your web site for exploitable breaches that would allow a hacker to steal client credentials, confirming network servers and computers are patched and protected or making sure your staff is trained in the latest phishing and social engineering ploys. Having an It’s Just Results penetration test will give you peace of mind knowing you are seeking to leave no stone unturned. Our services are continuously updated with the latest hacking techniques used in the real world along with using penetration testing frameworks such as OWASP and NIST 800-115 to make sure we consider a broad spectrum of threats. Our tests include intelligence gathering of your company, vulnerability analysis, exploitation and post exploitation.
Our policy package is designed for local government. We begin by examining your current policies and then enhancing those to meet the latest and emerging trends in policy design. Our policies are customized to meet your security and regulatory framework requirements (e.g. NIST Cybersecurity Framework or NIST 800-53, and many more). Each policy also has built in best practice controls from the CIS 20 control families. Policies include easy to understand procedures. Each policy also includes individual action plans. The policies are refined through our change process also include a 1 Year Calendar and cross-policy Gantt chart with activity timing and roles & responsibilities.
Our Security Awareness Training includes everything you need to train your employees how to protect themselves against cyber-attacks. Our security and compliance training includes over 50 videos, quizzes, employee progress reports, and much more. Once you have your employee’s trained we can test them by implementing phishing campaigns that our geared to their department. Our government focused package has everything you need to create and sustain a security culture. It is the foundation of our security transformation services that we can deliver to your mobile and desktop devices. It also includes exportable SCORM compliant videos, Single Sign-On (SSO), phishing simulations, and gamification (interactive phishing games). Our training also includes training on your organization’s security policies.
Security Monitoring will minimize cyber threats to your local government. Our Security and Incident Event Management and Managed Detection and Response tools will improve your network security. Nothing you do will secure your network 100 percent, but we can help minimize that risk and improve your ability to respond if an incident does happen.
-
4.5B
Data Breaches in 2018
-
3.9M
Average Data Breach Cost in 2018
-
8+ HR
Average Downtime for Business
-
76%
Customer Loss Potential
-
Access Control
Is Access to data and applications properly restricted; to authorized users; to specific roles? Is access shared or permanent?
-
Governance & Risk Management
Is security decision making established for executives and on the executive meeting agenda? Are policies documented and communicated? Is staff trained?
-
Inventory and Configuration Management
How current is you hardware and software inventory? Do you know what assets are part of your infrastructure? Have you established baseline configurations and keep these up to date?
-
Incident Response
Have you built an incident response capability? Have you tested it? Can you respond in hours, not weeks or months?
-
User Identification and Authentication
Have you identified and verified your users? Have you established the authentication mechanisms and integrated user management with devices, data, applications?
-
Vendor Flow Down
Have your vendors been evaluated? Do you have vendor controls in place and active?
-
Zero Trust
Are you verifying users? Are you validating devices? Are you, limiting access of privileged users? Are you applying machine learning to improve authentication processes?