In a recent discussion on municipal cybersecurity, Marc Pfeiffer highlights the absence of a universal set of controls suitable for every technology environment. He stresses the necessity of maintaining a basic level of tech-environment awareness due to frequent hacker intrusions and technology supplier errors reported in the news. Additionally, some cyber insurance providers require certain minimum standards or services to be part of your control environment.
To assess their current cybersecurity posture, elected officials and chief administrative officers are advised to consult with their tech experts regarding their "minimum cybersecurity control practices." The essential questions to address include:
"Are we doing enough of everything on the list? If not, what else do we need to do?" Furthermore, they should explore "What are our options to meet those deficiencies?" and understand "What are the risks of not fully doing them?"
Pfeiffer recommends that this evaluation be conducted annually before the budget cycle begins, as cybersecurity threats and responses continue to evolve.
