CySAFE for Business

​​​​​​​​​​​​​​​​​​​CySAFE for Business​​In the world of cyber security, organizations often struggle to keep pace with an ever-changing threat environment.  CySAFE was created through a collaborative effort, driven by five Michigan counties and the State of Michigan to develop a free IT security assessment tool to help small and mid-sized organizations assess, understand and prioritize their basic IT security needs.

CySAFE was created from three well-known IT security frameworks:  20 Critical Controls, ISO 27001 and NIST.  The goal was to combine the 400+ controls from all three frameworks into one condensed list, removing any redundant controls and assess the controls against the organization's current IT security capabilities.  Next, the master list of 35 controls were evaluated over three key factors – cost to implement, time to implement and risk – and were assigned a number based on each key factor.  

Changes in CySAFE 2.0

There were three major changes to CySAFE 2.0:  1) Creation of CySAFE Workbook 2) Addition of "Summary of Controls" 3) CySAFE was updated to reflect the changes made to the three frameworks (20 Critical Controls, ISO 27001 and NIST) along with feedback received by the organizations using the CySAFE framework for the past three years.  Six controls were deleted and five controls were added.  The five new controls are:

  • Email and Web Browser Protections
  • Penetration Tests and Red Team Exercises
  • Physical And Environmental Security
  • Monitoring and Review of Third Party Services 
  • Compliance

CySAFE Workbook

This document is provided as a supplementary guide to the CySAFE Security Assessment tool.
Users can use this to document to:

  • Implement actual controls in their organization
  • Establish a RACI Matrix for those controls
  • Document the future initiatives planned to improve the security

Obtain a FREE Copy of the CySAFE Security Tools

G2G Cloud Solutions Information Request