Our Cybersecurity Team can help provide insight into your current security posture, validate your position, establish a baseline, determine gaps and suggest improvements. If you are planning to update your infrastructure, it is a good idea to obtain a third-party review prior to the update to identify any concerns. Also, we may have applicable consortium discounts on hardware and software that may reduce your costs.
The MOREnet Cybersecurity Assessment is based on security best practices, CIS critical controls and the NIST Cybersecurity Framework and is conducted at your site. The report you receive will serve as a baseline for areas of strength and concern to improve your overall security defenses.
Cybersecurity will ask if you would also like a network assessment, and if so, we will conduct both at the same time. There will be one cybersecurity staff member and one network staff member conducting the assessments. Your organization network and server administrators and staff familiar with your training and policies should attend the assessment.
The assessment is included in your Full MOREnet Membership Service Package, and the only expense to the district is travel, which is based on your location from the MOREnet office in Columbia. We will create a quote that will need to be signed prior to the assessment. Assessments can usually be scheduled within a month of the request. For Basic members, please contact us for quote.
We’ll send a short pre-assessment form so we have a basic understanding of the solutions you currently have. This will be returned to the Cybersecurity group prior to the assessment.
When we are on site, we will ask to see an example of your best and worst network closets and interview your staff about your cybersecurity posture. The areas the assessment covers are: physical security, network infrastructure, secure configurations, access control, monitoring, enterprise asset inventory, data lifecycle handling, network and endpoint protections, data protection and recovery, policies, training and passwords. It is helpful to have a network diagram, AUP, incident response plan, etc. available during the assessment. It usually takes two to two and a half hours to complete the assessment. If you have specific areas of concern, please let us know. This assessment intended to be a low-key sharing of information and exploration of how we can assist in increasing your cybersecurity posture.
The cybersecurity assessment will highlight findings and recommendations with a score in each area and a total overview score. We recommend requesting another assessment in three years or after a significant network change. The first assessment can serve as a baseline for future assessments.
What it is Not
- It is not an audit. We will not ask to look at logs or go through your processes in detail.
- It is not a pen test. We have resources for pen testing if you are interested. A cybersecurity assessment is a great first step if you want to pursue an audit or pen test in the future.
The report will be sent within one to two weeks after the assessment. If you find something that was not accurately reflected, please let us know and we can update the report.
Reports of phishing, business email compromise with a man in the middle attack, and ransomware have increased greatly; any of these attacks can be detrimental to any organization and impact community trust. Knowing your areas of improvement will help minimize your risk.
Our goal is to provide information to our members that will improve your cybersecurity posture, and we will learn more about our members’ environments. We love visiting our sites and getting to know you better!
To request a Cybersecurity Assessment, please email security@more.net.
