Blog Small – Left Sidebar

The Crucial Function of Cybersecurity Policies in Organizations

The importance of cybersecurity cannot be emphasized enough in today’s connected society. Digital technology is at the core of every part of our lives; therefore, organizations must construct their defenses against cyber-attacks using cybersecurity policies as the framework. In this post, we will go into what typically makes up a security policy, as well as how to distinguish between control objectives, standards, guidelines and procedures. We will also look at why cybersecurity policies are so essential.

October 3, 2023 General Advice

A Roadmap to Developing Your Community Cybersecurity Program

To help you get started in developing your community’s cybersecurity program, the CIAS-ISAO has four initial, critical steps to guide you. Each step includes specific ways to help you accomplish them.

April 17, 2023 General Advice

Collaboration and Consensus: Using the MITRE ATT&CK Framework

The MITRE ATT&CK framework is one of today’s most significant and publicly available cybersecurity knowledge bases. Organizations, cybersecurity analysts and practitioners should use MITRE ATT&CK because it fosters greater awareness of the security posture by gaps in defenses. More importantly, the ATT&CK lists methods to mitigate or interrupt attacker attempts to perform the specific technique. Moreover, the framework is designed to be used at all levels of the organization, from analysts to leaders. This article highlights the framework’s tactics with examples of how to share information within your organization.

February 15, 2023 General Advice, Uncategorized

Introducing Alan CyBear, the Smokey of Cybersecurity

The cultural icon Smokey Bear, with his yellow hat and wildfire prevention tagline, has been familiar to Americans for decades. Likewise, McGruff the Crime Dog, who encouraged the public to “Take a bite out of crime.” These famous characters has helped encourage a culture of security. But what about a culture of cybersecurity?

Since cybersecurity is a shared responsibility, the UTSA Center for Infrastructure Assurance and Security (CIAS) has launched Alan CyBear™, a new mascot to promote a more secure nation through cybersecurity awareness, prevention and defensive efforts.

November 14, 2022 News

Think like a Hacker, a Defense Strategy

A good defense requires that IT security professionals think like an attacker to defend their organizations tactically and preemptively. In general, security professionals need to develop “oblique thinking,” enabling an adversarial mindset that focuses on identifying assumptions and determining if and how these assumptions can be violated. This article focuses focus on the (1) reconnaissance, (2) scanning (3) and gaining access phases of hacking and how to defend against them.

October 18, 2022 General Advice

Engaging your Leadership in Cybersecurity

Over the years, the security industry has been encouraging the highest levels of leadership to become more involved and knowledgeable in cybersecurity. Organizational leaders that need to be aware of cybersecurity are at all levels. Leaders can be the CEO, the board of directors, the school superintendent, a department head or a team lead. These leaders do not focus on the cybersecurity day-to-day details, but they do have unique roles in helping their organizations manage cybersecurity threats. Now is a great time to work with the leaders in your organization to be more cyber-knowledgeable and cyber-prepared.

September 14, 2022 General Advice

Incident Response – Lessons to be Better Prepared

Incident response addresses the question: “How well did you prepare?” Your response to that question is directly related to your preparation. This supports the adage that an ounce of prevention is worth a pound of cure—or response. This article takes a look at five basic lessons to consider when mitigating incidents to help you prepare and prevent a potential cyber incident.

June 21, 2022 General Advice, Uncategorized

Incident Response Plans (Webinar)

Incident Response Plans are critical to an organization's ability to minimize damage caused by threats, including data loss, abuse of...

June 7, 2022 News

A Whole-Community Cybersecurity Program

A community with an established cybersecurity program and established information sharing processes will be much more likely to be able to effectively respond to cyber events impacting them. This article introduces the topic of whole-community cybersecurity programs and five key reasons why they are needed.

March 17, 2022 General Advice

An Introduction to the CISA Reporting System (Webinar)

Register for a one-hour webinar on October 26th with the CIAS-ISAO Associate Director of Technology and Research Dwayne Williams, as he provides insights into no-cost tools that can help you monitor and secure your organization’s IT infrastructure.

February 14, 2022 News

How the CIAS-ISAO can Assist You with Your Cybersecurity Program

The CIAS-ISAO was established to help states, local jurisdictions, tribes and territories (SLTTs) to establish comprehensive cybersecurity programs by using the Community Cyber Security Maturity Model (CCSMM). This multi-dimensional model provides a roadmap and common point of reference for organizations looking to create viable and sustainable cybersecurity programs.

February 9, 2022 General Advice

No Cost Training Resources through the NCPC

Since 2004, members of the National Cybersecurity Preparedness Consortium (NCPC) have been working with the Department of Homeland Security (DHS) to provide research-based, cybersecurity training, exercises and technical assistance to local jurisdictions, counties, states and the private sector. These resources are available at no cost to participants! Learn more about these resources here!

January 19, 2022 General Advice, Uncategorized

Have You Identified Your IT High Value Assets?

In today’s increasingly connected world, it is more important than ever to ensure an organization’s information and information systems are protected from cyber threats. Every organization has critical information and technology assets that are essential and require enhanced security. However, due to finite organizational resources, a deliberate and strategically-focused approach is needed to identify – and secure – the most important assets. Gain a better understand of why formally identifying your high value assets – and mission essential functions – are critical to supporting your organization’s ability to conduct business.

November 11, 2021 General Advice

Combatting Disinformation

The Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio has frequently used disinformation and misinformation in its community cybersecurity exercises to impact the ability of first responders to accomplish their mission. Consequently, it is our recommendation that communities need to be prepared to counter disinformation attacks that may occur in the community.

October 20, 2021 General Advice, News

Basics of Identification and Risk Management

When it comes to cybersecurity, it is common to hear statements that you can’t protect against all attacks and be absolutely secure. Because of this, the goal of organizations should not be to try and make their computer systems and networks absolutely secure but rather they should concentrate on managing the risk to the organization. One necessary factor in risk management is an understanding of your IT environment including what systems and software you utilize.

September 10, 2021 General Advice, Uncategorized

Communities to Become More Cyber Secure Thanks to $1.67 Million NSA Grant

The National Centers of Academic Excellence in Cybersecurity, as part of the National Security Agency (NSA), has awarded a grant in the amount of $1.67 million to the CIAS to help communities become more cyber secure nationwide. The CIAS will work with multiple communities during the two-year grant, beginning with Angelo State University and the city of San Angelo.

September 7, 2021 News

Members: Register Here for Free Access to the No Cost Tools Webinar for Improving Your IT Infrastructure

As a member, your ticket to the upcoming Webinar “Continuity Planning” is FREE. Just go here to register.

September 2, 2021 Members Only (Level 1+) 1 Comment

Low Cost Tools Webinar to Improve Your IT Infrastructure on Oct 26

September 2, 2021 News

Article on Creating a Culture of Security in K12 Education

A Culture of Cybersecurity Begins with Hometown Security

Cyberattacks are occurring at the state and local level, impacting government, small businesses, academia and industry sectors, which ultimately impacts the individuals throughout the community. A whole-community approach needs to be taken by communities to protect their citizens. This begins at the K-12 level, helping educators access the tools and resources they need to create better cyber-aware citizens and support a growing cybersecurity workforce.

August 17, 2021 General Advice

Attacks on Critical Infrastructures and Protecting Them

We know our infrastructures are targets for cyberattacks, both for cyber criminals as well as nation-states. Understanding the types of cyber attacks on critical infrastructure provides lessons on how to defend and protect against such attacks. This article also provides 11 steps that communities can take to prepare for an attack on one or more of their critical infrastructures.

July 7, 2021 General Advice

Load More Posts

Blog - Small Layout