The first step is to identify your critical processes, the systems on which they depend, and their vulnerabilities.
Incident Preparedness & Response
The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook outlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.
Cyber Tabletop Exercises
Cyber Tabletop Exercises (TTX), are a way to evaluate your cyber response plan with scenarios that identify gaps between what you’ve planned for and what can actually happen, practice roles and responsibilities, and improve communications throughout organizations.
Cyber Operations Rapid Assessment (CORA)
CORA is a tool to assess your overall cyber security operations and infrastructure.
Crown Jewels Analysis (CJA)
Crown Jewels Analysis (CJA) is a process for identifying those cyber assets that are most critical to the accomplishment of an organization’s mission.
Cyber Resilience Review (CRR)
The Department of Homeland Security/Cybersecurity and Infrastructure Security Agency (DHS/CISA) offers a Cyber Resilience Review. CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.
Ransomware Techniques in ATT&CK
We have created a specific view within the ATT&CK Navigator that shows some of the known ransomware actors and their tactics and techniques.
NIST Data Integrity: Identifying and Protecting
This NIST Ransomware Practice Guide shows how organizations can develop and implement appropriate actions/technologies to remediate gaps in an organization cybersecurity implementation using existing commercial products, which can be deployed before a detected cybersecurity event.