Indiana is up to practicing in an exercise for a cyberattack that involves their critical infrastructure. Great work. It gets all the key leaders and their essential specialists in a room to train before an actual cyber event. It was worth every bit of time and expense to run the simulation and then set goals before the next exercise. Can you imagine if the CEO or Board would do the same in their organization and then watch as it unfolds. To test your ability is the best way to spot weaknesses and identify areas to be addressed. And even better, the CEO and Board will hear for the first-time words like NIST and Zero Trust Security Model. As well as secondary control systems. For many of you, you know where we are. But in Ohio and throughout the US, most organizations have not passed an external cyber audit and nearly all third-party IT companies do not train or execute to any CSFs. They are waiting for someone to tell them.
So, for agencies and enterprise offices that do not have a certificate, inadequate backups and do not have any secondary controls, it begins with doing an internal NIST assessment. Then you can start to build a culture at your business that gives everyone confidence that you and your technology can survive. That you can protect your customer’s data. So, we give you the Indiana challenge to schedule your own exercise. Then in two years with hard work, you too can pass a NIST external cybersecurity audit.
Read the article: Indiana holds full-scale cybersecurity disaster drill | wthr.com