Skip to main content

Prevent Cyber Attacks

Defense in Depth

Follow a “defense in depth” strategy to reduce the likelihood of a successful attack because no one thing can prevent all cyber attacks. The same strategy can also reduce the severity or impact of a successful attack. Defense in depth strategies are available as cybersecurity frameworks. These frameworks are critical to help you create an organized approach to cybersecurity. Your organization may be required to follow a specific framework based on the type of data you create or access. Most nationally recognized frameworks cover the similar concepts. To start your journey, pick a framework and follow the recommendations. 

Michigan Cyber Partners recommends adopting the CIS Critical Security Controls (CIS) cybersecurity framework. The CIS Controls are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. Each of the controls is broken down into achievable steps, or safeguards, and are prioritized by implementation groups. Cyber Partners recommends that you start with Implementation Group 1. Learn more about the CIS Controls.

Assessments and Planning

To get started, choose between using a quick self-assessment tool. You may choose to use the CIS Controls framework on your own or hire a qualified third party as your guide and partner. 

  • MISecure Quick Self Audit – Cyber Partners worked with the Michigan Education Technology Leaders on the Quick Self Audit tool, which is a set of approximately 20 questions that follow the CIS Controls and CISA recommendations. The MISecure Quick Self Audit will help you understand the basic layers of protection required for reducing risk, give you an at-a-glance understanding of your posture, and provide a prioritized list of where to focus your next efforts and investments. It is a Google Sheets document that can be saved on Google or downloaded as Microsoft Excel file. 
  • CIS Controls Self-Assessment Tool (CSAT) – The CSAT allows for self-assessment of your CIS Controls implementation based on each control or safeguard, which are prioritized by Implementation Groups. Cyber Partners recommends that you start with Implementation Group 1.
  • Independent Cybersecurity Assessment and Planning Service – Hire one of 10 pre-qualified cybersecurity firms to assess your organization based on the CIS Controls Implementation Group 1, help you develop an annual cybersecurity plan, and provide monthly coaching. Contracts are available through Michigan’s MiDEAL program, which allows local public entities to buy goods and services from state contracts. 

Free Resources for Public Sector Organizations