What
The Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio (UTSA) is dedicated to enhancing community resilience by helping organizations build their cybersecurity posture. The CIAS Community Cybersecurity Clinic (C4) provides no-cost cybersecurity services to small and midsize organizations, performed by UTSA students under the supervision of the CIAS. C4 is currently supported by the Google Cybersecurity Clinics Fund.
C4 Blueprint
Note: C4 recommends the following phased approach for organizations; however, it can be adapted as needed to better align with your specific needs.
Reputation Search
A review of social media platforms to identify reputational risks related to cybersecurity by reviewing online conversations about the organization’s data handling, security breaches, or employee practices. The organization receives a formal report detailing any findings.
Information Leakage Search
Building on the Reputation Search, this assessment looks for specific information such as email addresses, phone numbers, and technologies the client organization uses. This search is conducted to detect potential data leaks
before they are exploited by cybercriminals. The organization receives a formal report detailing any findings.
Vulnerability Assessment
Process of identifying, classifying and analyzing security weaknesses within the organization’s IT systems, applications, and networks. This service requires a non-disclosure agreement between students/mentors and the organization. The scope and parameters of the assessment are agreed to and documented. The organization receives a formal report disclosing all findings and recommendations at the completion of the assessment.
Intelligence Scan
A process that uses advanced data collection and analysis techniques to identify potential sensitive information leaks on organizational and public websites, abandoned or misconfigured web pages, and publicly assessible services. The organization receives a formal report detailing any findings.
Policy Review
Examine and assess existing cybersecurity policies to identify gaps, weaknesses, or areas needing improvement. The review aligns with current industry best practices. The organization receives a formal report providing all recommendations.
Incident Response Plan (IRP) Review
Examine, assess and provide recommendations to improve the organization’s IRP. Key aspects of the review include:
- Determining if an incident has occurred
Examining and analyzing a cybersecurity incident after it occurs - Determining the root cause
- Identifying weaknesses in the security posture and implementing improvements
- Post-incident analysis
The organization receives a formal report disclosing recommendations of their existing incident response plan.
The CIAS’ Community Cybersecurity Clinic (C4) was established to:
Offer supervised student-led pro bono digital security assistance to community organizations, such as critical public infrastructure, non-profits, hospitals, municipalities, local government agencies and small businesses.
Create an experienced and capable cybersecurity workforce pipeline through paid and unpaid positions/internships for students.
Leverage dedicated cybersecurity professionals to mentor developing students.
Community organizations that need assistance with their cybersecurity posture can gain assistance from the C4 Program by taking advantage of the no cost services provided.
UTSA Student Support
C4 works with UTSA cybersecurity students to provide them with experiences and skills to help local community organizations protect against cyber threats. A primary focus of this effort is to maximize the students’ hands-on experience in planning for, conducting, and completing appropriate cyber assistance for local organizations. Students working with C4 are graduate or undergraduate students enrolled in a university cybersecurity course.
**The students selected to participate in the C4 effort have been vetted and have passed a background check by The University of Texas at San Antonio.
