What is Cybersecurity?
Cybersecurity processes and technologies help protect systems from unauthorized access and cyber crime. It is the protection of devices, applications and data that are part of an interconnected system.
Why does it matter?
Businesses with a strong cybersecurity plan are able to identify and mitigate risks and respond to threats and attacks, to reduce downtime and costs often associated with a cyber attack.
Where will it take me?
Cybersecurity planning raises the role of security in an organization, to ensure that all employees, including business leaders, take part in keeping data, devices, applications and processes protected from disruption.
Cybersecurity Planning and Cyber Resiliency
Small businesses are increasingly becoming targets of cyber attacks. The latest data shows that 43% of all cyber attacks have been perpetrated against small businesses. About 60% of these small businesses lack the cyber resiliency to survive and cannot recover (Verizon’s Data Breach Investigations Report). Cyber resiliency is a business’s ability to prepare for, respond to, and recover from cyber attacks. Limiting the impact of an attack, defending against attacks and continuing operation after attacks are all part of a business’s resiliency.
Cybersecurity: How to Protect Against Phishing Attacks
Course Details:
1 Professional Development Hour for Engineers – PDH
NC State University is certified by the North Carolina Board of Registration for Professional Engineers and Land Surveyors (NCBELS) as a provider of PDH Continuing Education Units.
$49 per person
This course is delivered on-demand, electronically.
Learn how to identify phishing attacks, as well as how to avoid becoming a victim of a cyber breach
Free Resources
TRACKS-CN: Resources for Students and Educators
Cyber4RAM
A new credential for cyber awareness at the convergence of robotics/automation and cybersecurity
More Resources for Small Businesses and Manufacturers
DFARS Cybersecurity Requirements and CMMC
Clause 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting
If your company provides products being sold to the Department of Defense (DoD), you are required to comply with the minimum cybersecurity standards set by DFARS.
All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards. Contractors who do not meet these minimum standards risk losing their DoD contracts and losing out on future contract bids.
This DFARS subpart applies to contracts and subcontracts requiring contractors and subcontractors to safeguard covered defense information that resides in, or transits through, covered contractor information systems by applying specified network security requirements. It also requires reporting of cyber incidents.
DFARS provides a set of adequate security controls to safeguard information systems where contractor data resides. These controls are based on NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations”, and manufacturers must implement them through all levels of their supply chain.
DFARS requirements also include developing a plan of actions and milestones (POAM) and system security plan (SSP).
DFARS: Additional Resources:
- DIBNet Portal: the official gateway for reporting cyber incidents for DoD contractors and sub-contractors
- The DoD Frequently Asked Questions web page addresses common questions on the implementation of DFARS cybersecurity requirements
- NIST documents for protecting controlled unclassified information in nonfederal systems and organizations:
The Cybersecurity Maturity Model Certification (CMMC) 2.0 aims to protect two kinds of information: Federal Contract Information (FCI), which is unclassified information that is to be protected from public disclosure, and Controlled Unclassified Information (CUI), which is information that requires safeguarding or dissemination controls.
While DFARS 252.204-7012 allowed businesses to “self-attest” to compliance with NIST SP 800-171, CMMC 2.0 will require businesses to demonstrate compliance according to a three-tiered maturity system which will require “triennial third-party assessments for critical national security information; annual self-assessment for select programs.” Any organization in the DoD supply chain that processes, stores and/or transmits CUI, as well as any organization that provides protection for CUI/FCI, is required to demonstrate its compliance with CMMC.
There are three levels within the CMMC. The most common expectation will be for businesses to demonstrate compliance with level 2, demonstrating cybersecurity practices in line with the 110 controls within NIST 800-171 prior to being awarded a contract. The required level for a contract will be determined by the type and amount of CUI a contractor will handle during the contract and will be stated in the contract.
CMMC: Additional Resources:
Contact us today to get started on your journey to Cybersecurity education and compliance!