Cybersecurity
Overview
Cyber attacks are one of the biggest threats to government operations today, and the security of government information systems is an urgent focus for agency leaders and technical experts. For many, however, the response to cybersecurity has too often been to throw money and technology at the problem without paying the proper attention to preparing the organization and agency leaders for new cybersecurity practices and revising governance structures to make better risk-based decisions.
LGI brings together the experience of cybersecurity trainers, risk management consultants, strategy and communications specialists, and policy experts to provide the highest quality cybersecurity support. Lafayette Group thrives on helping leaders and managers improve cybersecurity readiness at all levels of their organizations. We build and help implement governance groups, response and escalation procedures, concepts of operations, and outreach materials pertinent to our clients and their needs. We aim to make cybersecurity straightforward and accessible. Furthermore, we provide hands-on, in-the-field training and exercises to ensure your entire organization is cyber ready and can continue to build the capacity and maturity of your cybersecurity program.
Example products LGI delivered to our federal, state, and local government clients:
• Cybersecurity organizational readiness assessments
• Cybersecurity strategic plans, roadmaps, work breakdown structures, policies, and procedures
• Strategic communications, outreach strategies, and stakeholder engagement
• Concepts of operations
• Incident response and crisis management plans (includes media relations)
• Risk registers and risk scoring/management procedures
• Policy and technical assistance and training packages
• Cybersecurity leadership training and facilitation
• Cybersecurity exercises
• Pocket guides, playbooks, field tools, alerts and bulletins
• Data analytics and dashboard visualizations
• Program metrics collection and communication
• Infographics, fact sheets, briefings, talking points, videos, and other communications products
Capabilities
Strategic Planning for Cybersecurity Programs
To be successful at implementing effective cybersecurity programs, agencies need senior leadership commitment, effective governance structures, and integrated cybersecurity risk management processes across all organizational components. To address these challenges, LGI helps federal, state and local agency leaders develop cybersecurity strategic plans, roadmaps, policies, and procedures that enable implementation of new and expanded cybersecurity initiatives across their organizations. By defining a concrete strategic direction aligned with their mission and vision, our clients are able to outline measurable goals to reduce cybersecurity risk without impeding operations or breaking their budgets.
Readying Organizations to Implement Cybersecurity Practices & Tools
Implementing cybersecurity tools, capabilities, and new processes across an organization is a complex endeavor. Not only do leaders have to oversee the installation and monitoring of the latest cybersecurity tools, but they need to update and build decision-making processes (such as risk scoring) at the organizational level to help mitigate critical vulnerabilities and ensure information systems are adequately secure. LGI helps leaders understand how to communicate cybersecurity risk up to executive leadership and across the organization to effect the cultural changes needed to make cybersecurity practices into daily activities. Lafayette Group helps agencies build capabilities across the organization to achieve cybersecurity readiness and ultimately work toward improving their overall cybersecurity risk posture.
Strategic Communications & Outreach to Cybersecurity Stakeholders
LGI helps agency leaders effectively communicate and promote cybersecurity program activities across their organization to users and to customers. We provide a full package of strategic communications expertise, including stakeholder engagement, strategic messaging, collateral design and production, graphic design, video production, media relations and analysis, working group support, and event management. We build and track comprehensive measures and metrics for cybersecurity programs accompanied by the analytical depth to understand the data and communicate successes and areas for improvement to leaders and customers.
Cybersecurity Direct Assistance & Training
We recognize that cybersecurity success across federal, state, and local agencies is contingent on the users’ and employees’ understanding of cybersecurity threats and vulnerabilities and the practices and tools needed to mitigate them. We specialize in on-the-ground technical assistance, developing user guides, concepts of operations, white papers, and playbooks for customer agencies to help users learn new procedures and implement decision-making practices. We have performed several thousand technical assistance and training engagements for leaders, operators, and technical staff. We approach training and assistance from a user point of view, first ensuring that the information is easy to understand and implement. We offer custom training and assistance packages that include facilitated workshops, one-on-one meetings, small group sessions, and conference presentations. LGI also provides cybersecurity tabletop exercises and leadership-focused training workshops.
Project Insights
State and Local Cybersecurity Guidance
LGI supported the National Consortium for Advanced Policing with the development of the Cybersecurity Guide for State and Local Law Enforcement, published in June 2016. Through collaboration with the Major Cities Chiefs Association and the Center for Cyber and Homeland Security at The George Washington University, our team provided tailored cybersecurity training and support to state and local law enforcement agencies. Lafayette Group also facilitated and supported numerous workshops and hands-on technical training opportunities for cybersecurity programs, including Public Safety Communications Cybersecurity Workshops—providing awareness and skills development for fostering better practices in cybersecurity programs and communications.