GETTING STARTED – CYBER TREAT 
              ASSESSMENTS
              • What is a Cyber Threat Assessment?
              • A Cyber Threat Assessment is a specialized version of a Risk Assessment.  
                Agencies and Organizations should be taking a close look at their computer 
                systems, remote access services and cloud based accounts.  “From exposing 
                weaknesses in systems to issues with compliance, a cybersecurity threat 
                assessment enables organizations to uncover hidden vulnerabilities in people, 
                processes and technology – before a malicious actor can exploit them.”1
              1
                https://www.optiv.com/security-threat-assessment
      CYBER THREAT ASSESSMENTS – 
               WHAT DO YOU NEED TO DO?
      • #1 – Characterize EACH of your data systems (what kind of data, who uses it, vendor, 
       retention policy, where does the data come from and where does it go, where is it 
       stored, where and how is it backed-up), pre-determine the data recovery process
      • #2 – Identify threats and exploits (i.e. unauthorized access, data exposure, and 
       disruption of service)
      • #3 – Determine risk impact (impacts if the threat was exercised: High, Medium, or 
       Low)
      • #4 – Analyze the environment (identify threat prevention, detection, mitigation)
      • #5 – Determine a likelihood rating (how likely is a given exploit)
      • #6 – Calculate your risk rating
      • Impact (if exploited) * Likelihood (of exploit) = Risk Rating
     CYBER INCIDENT ACTION PLAN
     • Your agency has done all the right things, Cybersecurity Threat 
      Assessments, end user training but the bad actors have succeeded and 
      you find yourself a victim of a cyber-attack.  Now what do you do?
     • You follow your Cybersecurity Incidence Response Plan!
     • An effective response plan needs to guide company personnel at all 
      levels in managing a potential data breach in a way that supports rapid 
      and thoughtful response activities.
      CYBER INCIDENT ACTION PLAN – 
                   WHERE TO START?
      Phase 1:  Prepare
      This phase will take the most work, it’s not easy!   
      Whether an agency prepares their own Incident Action Plan, or if a 
      professional contract is put in place, there are steps to consider in plan 
      development.  
      Before beginning formal planning, ECC, PSAP/9-1-1, LMR managers should 
      discuss cyber threats with their agency’s or department’s senior  managers, 
      their servicing IT departments, IT vendors, and with  budget officials to 
      ensure planning is understood at various management levels, especially as 
      regards the issue of ransom demands. 
      These policy discussions can help define and qualify responsibilities 
      (especially vendors’ contractual responsibilities for cyber security) before 
      having to deal with an attack.
    PHASE 2: IDENTIFY
    Identification or detection of a data breach looks for 
    deviations from normal operations and activities.