Pragmatic Cyber Security Webinar Series

The Pragmatic Cyber Security series is sponsored by CISA's Cybersecurity Division's Vulnerability Management subdivision, which works to provide cybersecurity guidance, assistance, and support to organizations across the nation working to manage, prevent and respond to cybersecurity risks. The threats and risks to our controls systems and infrastructure are real and more evident in the news than ever before.

This Pragmatic Cyber Security webinar series outlines the challenges faced by owners/operators of critical infrastructure and national critical functions and how CISA is adapting to meet them where they are and put them on a path buy down risk.

Pragmatic Cyber Security Series Introduction

Dr. David Mussington, CISA Executive Assistant Director for Infrastructure Security provides opening remarks for the Pragmatic Cyber Security series and its relevance to CISA's Infrastructure Security month.

Pragmatic Cyber Security

Joshua Corman, the Chief Strategist on the CISA COVID Task Force, introduces the Pragmatic Cyber Security series, including background on the CISA COVID Task Force, why CISA developed these pragmatic tools – such as Bad Practices and Stuff Off Search -- for healthcare organizations involved in COVID-19 care, and their use for broader critical infrastructure industries.

Bad Practices

Beau Woods, a Senior Advisor at CISA discusses CISA's Bad Practices initiative, introducing the philosophy behind the development of CISA's current catalog of Bad Practices, based on the understanding that organizations have limited resources to identify and mitigate all risks but also need essential basic elements to their strategic approach to security.

Stuff-Off-Search Introduction

Kendra Martin, the risk management lead on the CISA COVID Task Force, presents a high-level management overview of CISA's Stuff of Search publications, which address how remote connectivity of entities industrial control systems and other cyber assets may expose you to accidents and adversaries, and provide guidance on how companies can reduce attack surfaces and hardening best practices.

Stuff-Off-Search Demonstration

Gabriel Davis is the Risk Operations Team Lead within CISA's Cybersecurity Division, Vulnerability Management, Insights Branch. With a background in risk and vulnerability management, Gabe presents a technical overview of CISA's SOS (Stuff of Search) documents, including a demonstration of these search engine capabilities.

Tabletop Exercises

Lisa Young, a senior advisor to the CISA COVID-10 Task Force, discusses the scenario-based, self-service CISA Tabletop Exercise Package (CTEP). CTEP provides templates to assist critical infrastructure owners and operators in creating their own tabletop exercises to better understand the impacts from both cyber and physical security incidents before they materialize. CTEP allows users to assess, develop, and update information sharing processes, emergency plans, programs, policies, and procedures.

Pragmatic Cyber Security Case Study

Ayan Islam is a Critical Infrastructure Portfolio Lead within CISA's Cybersecurity Division, Vulnerability Management, Insights Branch. To tie together the information shared in the prior Pragmatic Cyber Security presentations, Ayan shares some case studies and discuss the recent CISA advisory on the Water and Wastewater Systems sector.