PREVENTION, MITIGATION AND RESPONSE
 

The JRIC Cyber Intelligence Unit (CIU) supports the prevention, mitigation, response, and remediation cybersecurity needs of federal, state, local, tribal, and territorial (FSLTT) partner agencies within the JRIC six-county area of responsibility (AOR). The CIU coordinates directly with the California Cybersecurity Integration Center (Cal-CSIC) to offer cyber risk assessments, vulnerability scanning, threat intelligence briefings, and other services to JRIC AOR customers.

Prevention Services:

To schedule a network vulnerability scan or for more information about our cybersecurity services, please email:

cyberprotection@jric.org

Representing the first line of support, the JRIC CIU will assist organizations targeted by cyber-attacks with resolving the cyber threat, or refer the organization to the appropriate external JRIC partner who can resolve the cyber threat. To prevent and mitigate cyber-attacks, the JRIC CIU offers network vulnerability scans and cyber risk assessments through its Cal-CSIC partnership to help strengthen the cybersecurity posture of JRIC partners. JRIC’s CIU analysts produce a detailed report of the findings and will direct the agency to resources tailored to the network’s needs.

Partners can subscribe to receive JRIC CIU products, which include products authored from vetted sources such as the FBI, DHS, and other partners.

The cybersecurity information shared between the JRIC CIU and its SLTT partners increases the safety of information, personnel, and the public. Additionally, the JRIC CIU, in partnership with Cal-CSIC, offers the following services:

  • Cyber-Threat Research;
  • Threat Monitoring;
  • Attack Surface Analysis;
  • Infrastructure Analysis;
  • Intrusion Detection; and
  • Malware Analysis.

Response and Mitigation Services

  • The JRIC CIU, in partnership with the Cal-CSIC, will coordinate with affected JRIC AOR entities to identify the cyber threat, and assist with the containment, eradication, and recovery process as requested.

JRIC AOR entities include, but are not limited to:

  • K-12 schools (public and private)
  • State, County, City and Tribal agencies and entities
  • Law enforcement agencies
  • Critical infrastructure or Election infrastructure
  • Special districts
  • Non- and not-for-profit agencies
  • Private entities that have a significant impact on the public

Remediation/After-Action Services

  • The JRIC CIU, in partnership with the Cal-CSIC, will assist affected entities with conducting a lessons-learned analysis to review the effectiveness and efficiency of incident handling. The primary objectives for the analysis include:
    • Ensuring the root cause has been eliminated or mitigated;
    • Identifying infrastructure problems to address;
    • Identifying organizational policy and procedural problems to address;
    • Reviewing and updating roles, responsibilities, interfaces, and authority to ensure clarity;
    • Identifying technical or operational training needs;
    • Improving tools required to perform protection, detection, analysis, or response actions; and
    • Providing information and intelligence reports to the JRIC AOR, and other partners as necessary.
 

Cybersecurity Best Practices

Basic:

  • Inventory and control of hardware assets
  • Inventory and control of software assets
  • Continuous vulnerability management
  • Controlled use of admin privileges
  • Secure configurations for hardware/software on mobile devices, laptops, workstations, and servers
  • Maintenance, monitoring, and analysis of audit logs

Foundational:

  • Email and web browser protections
  • Malware defenses
  • Limitation and control of network ports, protocols, and services
  • Data recovery capabilities
  • Secure configuration for network devices, such as firewalls, routers, and switches
  • Boundary defense
  • Data protection
  • Controlled access based on the need to know
  • Wireless access control
  • Account monitoring and control

ADDITIONAL RESOURCES: