State and Local Cybersecurity Grant Program Survey Your participation will assist the development of the Cybersecurity Grant Program. Please answer all the questions in the survey. Thank you. Question Title * 1. Contact Information Name Title County (place of work) Email Address Phone Number Question Title * 2. Identify your agency or organization? County Government Municipal Government PEMA GOHS PSP OA/EISO PA National Guard Dept. of Education Dept. of Health Dept. of Human Services Dept. of Community and Economic Development County Commissioners Association of PA (CCAP) PA State Association of Township Supervisors (PSATS) PA State Association of Boroughs (PSAB) PA Association of Intermediate Units (PAIU) Central Susquehanna Intermediate Unit (CSIU) US Dept. of Homeland Security/Cybersecurity & Infrastructure Security Agency (DHS/CISA) Other (please specify) Question Title * 3. Rank your Top Cybersecurity Capabilities that you are interested in advancing in your organization. 1Shared Services - Security Operations Center (SOC) - A statewide service with a command center supported by expert information security (infosec) resources who monitor, analyze, and protect organizations from cyber-attacks for those who participate in the program.Move up Shared Services - Security Operations Center (SOC) - A statewide service with a command center supported by expert information security (infosec) resources who monitor, analyze, and protect organizations from cyber-attacks for those who participate in the program.Move down Shared Services - Security Operations Center (SOC) - A statewide service with a command center supported by expert information security (infosec) resources who monitor, analyze, and protect organizations from cyber-attacks for those who participate in the program.2Employee Security Awareness Training & Phishing Exercises - Ex. Cofense - An online learning management (LMS) solution that provides security awareness training for employees through phishing simulations, videos, and other materials.Move up Employee Security Awareness Training & Phishing Exercises - Ex. Cofense - An online learning management (LMS) solution that provides security awareness training for employees through phishing simulations, videos, and other materials.Move down Employee Security Awareness Training & Phishing Exercises - Ex. Cofense - An online learning management (LMS) solution that provides security awareness training for employees through phishing simulations, videos, and other materials.3Cybersecurity Training for Law Enforcement and Local Government Technology Resources - Expert cybersecurity training throughout the state on cybersecurity tools, trends, resources, incident response, mitigation, log analysis, forensics, etc.Move up Cybersecurity Training for Law Enforcement and Local Government Technology Resources - Expert cybersecurity training throughout the state on cybersecurity tools, trends, resources, incident response, mitigation, log analysis, forensics, etc.Move down Cybersecurity Training for Law Enforcement and Local Government Technology Resources - Expert cybersecurity training throughout the state on cybersecurity tools, trends, resources, incident response, mitigation, log analysis, forensics, etc.4Security Incident & Event Management (SIEM) Monitoring - A statewide service for infrastructure and application log collections and analysis, including alerting of possible cybersecurity threats.Move up Security Incident & Event Management (SIEM) Monitoring - A statewide service for infrastructure and application log collections and analysis, including alerting of possible cybersecurity threats.Move down Security Incident & Event Management (SIEM) Monitoring - A statewide service for infrastructure and application log collections and analysis, including alerting of possible cybersecurity threats.5Vulnerability Management Programs and Services - A shared process for identifying, evaluating, reporting, and responding to security vulnerabilities that have been identify for participating organizations.Move up Vulnerability Management Programs and Services - A shared process for identifying, evaluating, reporting, and responding to security vulnerabilities that have been identify for participating organizations.Move down Vulnerability Management Programs and Services - A shared process for identifying, evaluating, reporting, and responding to security vulnerabilities that have been identify for participating organizations.6Albert Sensors - Offerings and Longer Term Funding - 24x7 network monitoring and alerting services offered by the Center for Internet Security (CIS), with threat correlation from across the country.Move up Albert Sensors - Offerings and Longer Term Funding - 24x7 network monitoring and alerting services offered by the Center for Internet Security (CIS), with threat correlation from across the country.Move down Albert Sensors - Offerings and Longer Term Funding - 24x7 network monitoring and alerting services offered by the Center for Internet Security (CIS), with threat correlation from across the country.7Multi-Factor Authentication (MFA)Move up Multi-Factor Authentication (MFA)Move down Multi-Factor Authentication (MFA)8Network Access Control (NAC) SolutionsMove up Network Access Control (NAC) SolutionsMove down Network Access Control (NAC) Solutions9Configuration ManagementMove up Configuration ManagementMove down Configuration Management10Cybersecurity Incident Response & Management - Creation of incident response templates and resources that would be available to all organizations, along with the development of taskforces that can be formed to help mitigate and respond to major cyber incidents across the state.Move up Cybersecurity Incident Response & Management - Creation of incident response templates and resources that would be available to all organizations, along with the development of taskforces that can be formed to help mitigate and respond to major cyber incidents across the state.Move down Cybersecurity Incident Response & Management - Creation of incident response templates and resources that would be available to all organizations, along with the development of taskforces that can be formed to help mitigate and respond to major cyber incidents across the state.11Endpoint Detection & Response/Malware Defense - Shared end point detection/protection services, with monitoring and response services, at the state level, or by participation in national programs offered by federal partners.Move up Endpoint Detection & Response/Malware Defense - Shared end point detection/protection services, with monitoring and response services, at the state level, or by participation in national programs offered by federal partners.Move down Endpoint Detection & Response/Malware Defense - Shared end point detection/protection services, with monitoring and response services, at the state level, or by participation in national programs offered by federal partners.12Data ProtectionMove up Data ProtectionMove down Data Protection13Privileged Account Monitoring (PAM) & ControlMove up Privileged Account Monitoring (PAM) & ControlMove down Privileged Account Monitoring (PAM) & Control14Creation of regional taskforces and grants for regional cyber efforts, fostering collaboration, education, response, etc.Move up Creation of regional taskforces and grants for regional cyber efforts, fostering collaboration, education, response, etc.Move down Creation of regional taskforces and grants for regional cyber efforts, fostering collaboration, education, response, etc.15Creation and adoption of a formal PA cybersecurity framework, including the development of cyber plans, templates, processes, and communication strategies, along with plans on how to shift mindsets and the workplace culture around cybersecurity and best practices for county leadership and employeesMove up Creation and adoption of a formal PA cybersecurity framework, including the development of cyber plans, templates, processes, and communication strategies, along with plans on how to shift mindsets and the workplace culture around cybersecurity and best practices for county leadership and employeesMove down Creation and adoption of a formal PA cybersecurity framework, including the development of cyber plans, templates, processes, and communication strategies, along with plans on how to shift mindsets and the workplace culture around cybersecurity and best practices for county leadership and employees16Regional backup of critical services and solutions, including DR servicesMove up Regional backup of critical services and solutions, including DR servicesMove down Regional backup of critical services and solutions, including DR services17Standardized planning and support for implementing different security best practicesMove up Standardized planning and support for implementing different security best practicesMove down Standardized planning and support for implementing different security best practices18.gov initiative (DHS CISA) - county and municipal governments onlyMove up <em>.gov</em> initiative (DHS CISA) - county and municipal governments onlyMove down <em>.gov</em> initiative (DHS CISA) - county and municipal governments only Question Title * 4. List an additional cybersecurity capability that is important to your organization but is not listed above. Question Title * 5. What is your role in cybersecurity? Administrative Oversight Response Capabilities Mitigation Support Outreach Support Other (please specify) None of the above Question Title * 6. Does your agency or organization support cybersecurity initiatives to the following entities? Government (municipal, county, state) School Districts Hospitals or health systems All of the above None of the above Done
