"Oakland County continues to work collaboratively with four Southeast MI counties and the State of Michigan to make cyber security the number one technology priority. CySAFE will help governments of all sizes protect against security threats."
- L. Brooks Patterson, Oakland County Executive
In the world of cyber security,
organizations often struggle to keep pace with an ever-changing threat
environment. CySAFE was created through a collaborative effort, driven
by five Michigan counties and the State of Michigan to develop a free IT
security assessment tool to help small and mid-sized organizations
assess, understand and prioritize their basic IT security needs.
CySAFE was created from three
well-known IT security frameworks: 20 Critical Controls, ISO 27001 and
NIST. The goal was to combine the 400+ controls from all three
frameworks into one condensed list, removing any redundant controls and
assess the controls against the organization's current IT security
capabilities. Next, the master list of 35 controls were evaluated over
three key factors – cost to implement, time to implement and risk – and
were assigned a number based on each key factor.
Changes in CySAFE 2.0
were three major changes to CySAFE 2.0: 1) Creation of CySAFE Workbook
2) Addition of "Summary of Controls" 3) CySAFE was updated to reflect
the changes made to the three frameworks (20 Critical Controls, ISO
27001 and NIST) along with feedback received by the organizations using
the CySAFE framework for the past three years. Six controls were
deleted and five controls were added. The five new controls are:
- Email and Web Browser Protections
- Penetration Tests and Red Team Exercises
- Physical And Environmental Security
- Monitoring and Review of Third Party Services
This document is provided as a supplementary guide to the CySAFE Security Assessment tool.
Users can use this to document to:
Implement actual controls in their organization
Establish a RACI Matrix for those controls
Document the future initiatives planned to improve the security
Obtain a FREE Copy of the CySAFE Security Tools