July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

July 02, 2020

Subscribe to Latest Legal News and Analysis

CISA Issues First Installment of Cyber Essentials

On Friday, May 29, the Cybersecurity and Infrastructure Security Agency (CISA) issued the first in a series of six Cyber Essentials Toolkits.  These toolkits are described as “bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential,” focused on building a company’s cyber readiness.

The first of these elements, entitled “Essential Element: Yourself, the Leader,” is a short, two-page document packed with advice and links to additional resources.  It lists four essential actions for leaders of organizations:

  • Approach cyber as a business risk;

  • Determine how much of your organization’s operations are dependent on IT;

  • Lead investment in basic cybersecurity; and

  • Build a network of trusted relationships for access to timely cyber threat information.

Added to these is a fifth essential action that leaders should discuss with IT Staff or Service Providers:

  • Lead development of cybersecurity policies.

Each of these five essentials is accompanied by discussion, as well as descriptions of additional resources available on the topic and links to those resources.  These include resources such as a document on “Questions Every CEO Should Ask About Cyber Risks,” the Cyber Readiness Institute and the National Cyber Security Alliance, and of course NIST, the National Institute of Standards and Technology.

Putting it Into Practice:  For a two-page document, the first Cyber Essentials Toolkit is packed with useful information.  Corporate leadership that fears they are not on top of their organization’s cybersecurity should review the document and its resources to launch an initiative to catch up.  Those leaders who believe their cyber readiness is on par should review it to confirm they are doing things right and have not missed a key element for their program.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 154


About this Author

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...