By Larry Sjelin, Chief of Staff, CIAS-ISAO

If given the opportunity, would you rather prevent a cyberattack or respond to a cyberattack? Chances are that you would prefer to prevent the attack. Prevention is key to any good cybersecurity program. Building that Culture of Cybersecurity within an organization takes time but is not impossible.

The Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio (UTSA) established the CIAS-ISAO for this purpose. The core mission of the CIAS-ISAO is to help states, local jurisdictions, tribes and territories (SLTTs) to establish comprehensive cybersecurity programs by using the Community Cyber Security Maturity Model (CCSMM). This multi-dimensional model provides a roadmap and common point of reference for organizations looking to create viable and sustainable cybersecurity programs.

The CCSMM can assist an organization or community to not only respond to a cyberattack but to focus on prevention and stop the attacks from happening in the first place. Developing a culture of cybersecurity within your organization can help mitigate and reduce the impact of any cyber incident.

The CIAS-ISAO can help communities:

• Enhance public/private cybersecurity partnerships at all levels of government, industry and academia
• Provide a roadmap to develop the community’s security program to include incorporating the NIST Cyber Security Framework
• Establish a viable and sustainable community cybersecurity program based upon the Community Cyber Security Maturity Model (CCSMM)
• Establish a Community Information Sharing and Analysis Organization (ISAO), based upon the guidelines established by the ISAO Standards Organization (ISAO SO)

The Community Cyber Security Maturity Model is a coordinated plan that provides communities or local jurisdictions with a framework to identify what is needed to build a cybersecurity program focused on preparedness and response to address a cyber incident or attack. The CCSMM can assist organizations and communities to identify what needs to be done in building a viable and sustainable cybersecurity program that promotes a Culture of Cybersecurity, what is needed to prepare to detect a cyber-attack, develop plans to respond during an attack, and determine what to do after an attack has occurred.

The CIAS-ISAO offers three annual membership levels to SLTTs and organizations, within the non-profit, private sectors and various industries. The first level is free and provides access to many training and educational opportunities. The second and third levels offer members unique discounts to additional member benefits and customized consultation hours to support their cybersecurity program iniatives. Below is a high-level view of the three levels.

Membership Levels

Community Membership Level I (Free)

Available to municipalities, counties, school districts, academic institutions, governmental agencies or other organizations. This level allows communities to get connected with the CIAS-ISAO and receive information on free resources, such as quarterly webinars, and additional cybersecurity information that is shared by the CIAS-ISAO for situational awareness. Membership at this level allows access to Tier I products and services. More details here. 

Community Membership Level II

Available to municipalities, counties, school districts, academic institutions, governmental agencies or other organizations. This level allows communities to establish a community cybersecurity program through 10 hours of consultation per year. Dues are assessed to the organization each year. Membership at this level allows access to Tier I & II products and services. More details here.

Community Membership Level III

Available to municipalities, counties, school districts, academic institutions, governmental agencies or other organizations. This level allows communities to establish a community cybersecurity program through 20 hours of consultation per year.  Dues are assessed to the organization each year. Membership at this level allows access to Tier I, II & III products and services. More details here.

To learn more or discuss how the CIAS-ISAO can help you build or expand your cybersecurity program, email cias@utsa.edu.