CSA OVERVIEW AND PROCESS
OVERVIEW
To give the Cyber Security Assessment process some context, this page describes what happens (and what’s involved) in making your CSA as successful as possible. We want to use this as an opportunity to get on the same page, so that you and your team know what to expect and there are no surprises.
To determine the current state of your cyber security posture, we gather information using three methods:
Gather information from electronic scans on your network and devices
Complete a comprehensive questionnaire on your alignment with the CIS-18 safeguards
Perform careful observations of your physical environment
When this data is collected, SSO security specialists analyze the data to determine the gaps between the standards for security controls and their implementation at your company. Further analysis will identify the appropriate security solutions to be implemented in your organization and the prioritized order in which they should be implemented. Of course, consideration is given to the current state of implementation and the extent to which controls are implemented.
CYBER SECURITY SCANS
For the Cyber Security Scan part, there are 2 items we need from you:
An inventory of all computers to include in the scan. Click here for an Excel spreadsheet template to assist.
If you do not have an inventory, let us know and we’ll work with you to assist as best we can.
Installation of the agent on each computer included in the scan.
The agent can be downloaded here: https://www.tenable.com/downloads/nessus-agents?loginAttempted=true
On that page, under the Nessus Agents - 10.1.2 category:
For Windows computers, select the NessusAgent-10.1.2-x64.msi agent
For Mac OS computers, select the NessusAgent-10.1.2.dmg agent
INSTALLATION INSTRUCTIONS
Click here for instructions on how to install the Windows agent
Click here for instructions on how to install the Mac OS agent
As agents get installed, we will verify that they are reporting in our dashboard and compare that to the inventory list. For an optimal scan, we strive to have agents installed on 85% or more of the inventory.
As we approach the 85% mark, we will collaboratively schedule a day/time to run the scan. The scanning window is a 24-hour time period. For a computer to be scanned, IT MUST BE TURNED ON AND HAVE AN ACTIVE INTERNET CONNECTION during this 24-hour period.
CYBER SECURITY SURVEY
The Cyber Security Survey is an interview we will walk through together. It includes a series of questions that will help identify other aspects of your organization that contribute to the overall scoring of your assessment.
We will coordinate a day/time when you are available for 1 to 2 hours for the interview. We reserve 2 hours to ensure there is enough time, and can break early if we complete ahead of time.
PHYSICAL SECURITY SURVEY
The Physical Security Survey looks at your physical location from a security perspective. This provides a unique insight into overall operations, and how we can work to improve your organization’s overall security posture.
The Physical Security Survey process includes 2 parts.
The first is an 8-part questionnaire that we will work through collaboratively to capture information and document the physical environment.
We will coordinate a day/time when you are available for 0.5 to 1 hour. For this session, you will have a mobile phone that can take pictures. We will walk you through the office and advise where (and what) to take pictures of. Common areas of focus include:
Front entry, exit and emergency exit doors
Front lobby check-in
External and internal camera systems
Server room(s) and their access
Workstations, cubicles, offices and access into executive offices
ACCESSING SUPPORT / ADDITIONAL INFORMATION
For any questions and/or additional information, please contact us at hd@ssowow.com or 858-848-5776 ext 3. We are here, happy to help and look forward to speaking with you.