CSA overview and PROCESS

PURPOSE
The purpose of this web page is to provide you with some context of the collection methods involved in the SSO Cyber Security Assessment (CSA) and your role in helping to facilitate the collection of that critical data. Some steps will involve only the primary Point of Contact (POC) from your company while other steps will involve other members of your company – especially if they are working remotely.

OVERVIEW
Through the Cyber Security Assessment (CSA) process, SSO will collect information about your company to determine the level of cyber security risk that exists in your organization today.

To determine the current state of your cyber security posture, we gather information using these methods:

1. CYBER SECURITY SCANS

2. CYBER SECURITY SURVEY

During the Cyber Security Scans, we will gather information about your network and devices using a world class vulnerability scanner. This scanner requires the installation of a “scanning agent” on each device to be included in the CSA. Only devices that are powered on and connected to the internet at the time of the actual scans will be included in the CSA.

During the Cyber Security Survey, we will work with your staff to complete a comprehensive questionnaire to determine your current alignment with the CIS-18 CSCs (Critical Security Controls).

SSO security specialists will analyze the collected data to determine the gaps between the standards for security controls and their implementation at your company. The results of the analysis will be used to identify the appropriate security solutions to be implemented in your organization to close those gaps in order of priority.

CYBER SECURITY SCANS
To start the Cyber Security Scan process, we need your help on two items:

1. An inventory to identify the computers to be included in the scans

2. The installation of the “scanning agent” on those computers

Item 1: Computer Inventory
To prepare the inventory of all computers to be included in the scan, the company POC for this effort should click here for an Excel spreadsheet template for an Excel spreadsheet template to collect the inventory.

If you do not have a current inventory to use as a basis to complete this form, let us know and we’ll work with you to assist.

Item 2: Scanning Agent
The scanning agent must be installed on each computer to be included in the scan. This installation is generally performed by the person who uses the computer on a regular basis or by your IT staff.

The process includes two primary steps:

1. Capture the company-specific information to enter into your agent

2. Download and install the scanning agent for Windows or for Mac

Step 1 Capture company-specific information for your agent
Follow the second link provided to you which will give you access to three critical pieces of information, configured specifically for your company, to use during the scanning agent installation process:

WINDOWS COMPUTER INFORMATION

1. Key = xxx

2. Server = yyy

3. Group = zzz

MAC COMPUTER INFORMATION

1. Script = sudo /Library/NessusAgent/run/sbin/nessuscli agent link --key=996880d05eb33cdfb5fa59443e53c10b6c05fd51524b3cae812bfd3324c91e5c --groups=xxx --host=sensor.cloud.tenable.com --port=443

Step 2: Download the scanning agent for Windows or Mac
The instructions are different for Windows and Mac computers.

• Click here for instructions for Windows machines

• Click here for instructions for Mac OS machines

Executing the Cyber Security Scans
As the scanning agents are installed on the computers to be included in the cyber security scans, they should begin to appear in the Tenable Scanning Engine Dashboard.  SSO security engineers will compare the agents in the dashboard to the prepared inventory list. For an acceptable scan we strive to have agents installed on 85% or more of the inventory.

As we approach the 85% mark, we will collaboratively schedule a day and time to run the scan. The scanning window is a 24-hour time period. For a computer to be included in the assessment, IT MUST BE TURNED ON AND HAVE AN ACTIVE INTERNET CONNECTION during this 24-hour period.

CYBER SECURITY SURVEY
The Cyber Security Survey is performed to evaluate the cyber security controls in place in your company, at the time of the survey, in comparison to the cyber security controls for companies like yours documented in the CIS-18 CSCs cyber security specification. We will use an interview format, via phone, video chat, or in person, to ask you a large number of questions to enable our security engineers to determine the gap between your security controls and those in the specification. Please note that you know your IT and Cyber Security environment better than our team when the process begins. It is only through the CSA process that we develop a comprehensive understanding of your company’s environment.  

We will coordinate a day and time that you are available 1 to 2 hours to complete the questionnaire. We reserve 2 hours to ensure there is enough time and will conclude early if we complete ahead of time.

ACCESSING SUPPORT / ADDITIONAL INFORMATION
For any questions and/or additional information, please contact us at hd@ssowow.com or 858-848-5776 ext 3. We are here, happy to help and look forward to speaking with you.