Cybersecurity for Non-Technical County Clerks and Election Commissioners

We provide Cybersecurity Consulting that walks non-technical County Clerks and Election Commissioners through Governance, Risk and Compliance techniques in order to build an Elections Cybersecurity Program. The goal of the Cybersecurity Program is to strengthen the Election District’s security profile through policies and procedures which guide staff training and technical controls.

Using the Center for Internet Security® Risk Assessment Method (“CIS RAM”), we work with organizations to create “reasonable” safeguards and risk management practices for regulatory, contractual, and security management purposes. We specialize in working with Election Officials and County Clerks. We also work with Technology Start-ups, Non-Profits and Registered Investment Advisors (RIAs). Generally, these are organizations of under 25 people with limited or shared technical support.

We help Election Officials understand the business demands of building a secured working environment. Rather than trying to make non-technical business managers more technically savvy, we increase their understanding of risk management as it relates to Information Security. Similar to most Cybersecurity Risk Assessments, we are primarily concerned with top-down policies and procedures rather than specific technical tactics.

This program is built to enhance the relationships between Election Officials, their technical support people and the general public. These sessions are designed to translate into actionable tasks for management and technical support alike. The sessions are also designed to integrate state regulations and compliance initiatives along with the framework of a Cybersecurity Risk Assessment.

We will be developing a Cybersecurity Program together, which will include deliverables such as policies and procedures. We will sign up for federal training and monitoring programs to help protect the availability, integrity and confidentiality of your elections. We will create response documents for use during election day and every day. And we will work with your technical support to make sure your election infrastructure is better protected.

Our work together will raise your district’s cyber maturity while, at the same time, hardening your election infrastructure. Our program is based on 10 regular one-hour phone conferences over a period of 3 months. Starting at $3,000, it’s a small commitment to create a solid foundation for continued security growth.

10 Session Schedule Outline and Worksheets
1. Cybersecurity as a Governance, Risk and Compliance (GRC) practice;
Worksheet: Critical Stakeholders and Election Assets.

2. Understanding a Risk Based Framework and Building a Cyber Program;
Worksheet: Critical Clerk’s Office and Election Functions.

3. Threats and Scenarios; What does Cybersecurity mean for Elections?
Worksheet: Center for Internet Security Risk Assessment Method (“CIS RAM”).

4. CIS, EI-ISAC Membership and CISA Programs;
Worksheet: Registrations and Responsibilities.

5. Designing Policies and Procedures;
Worksheet: Clerk’s Office Ethics Policy;
Worksheet: Clerk’s Office Acceptable Use Policy.

6. The Election Infrastructure Assessment Tool;
Worksheet: Getting started with EIAT.

7. Malware, Ransomware and your Insurance Coverage;
Worksheet: Ransom Procedures.

8. Incident Response Planning;
Worksheet: Election Security Planning Snapshot Poster;
Worksheet: Election Day Emergency Response Guide.

9. Deeper Dive into Mission Critical Services and Controls;
Worksheet: A Handbook for Elections Infrastructure Security.

10. Risk Assessment Review;
Worksheet: Draft Risk Assessment.

Once the initial consulting engagement is complete, follow-up sets of 10 Sessions are available for continued Cybersecurity Program development. Fees are based on travel and client needs.

The follow-up sessions concentrate on the Cyber Resilience Review (CRR) domains:
1. Asset Management
2. Controls Management
3. Configuration and Change Management
4. Vulnerability Management
5. Incident Management
6. Service Continuity Management
7. Risk Management
8. External Dependencies Management
9. Training and Awareness
10. Situational Awareness

Get started today by contacting Scott Madlener at (312) 533-0105.