Cyber Center of Excellence (CCOE), California State University San Marcos (CSUSM), National University and San Diego State University (SDSU) launched the San Diego Cyber Clinic in 2024 with support from Google’s Cybersecurity Clinics Fund and the Consortium of Cybersecurity Clinics.
The Clinic students provide FREE cybersecurity services to the community as part of their capstone experiences, similar to law and medical school clinics. To date, the Clinic has served more than 100 organizations and helped 400 students gain valuable hands-on experience!
Check out the Clinic offerings—from cybersecurity risk assessments to incident response planning to CMMC readiness and more—and explore how we can help your organization.
The San Diego Cyber Clinic is the first multi-institution clinic in the Consortium led by a nonprofit partner and is paving the way for collaborative models across the globe. Together, we are strengthening regional cyber resilience and developing a skilled, workforce-ready talent pipeline.









A cybersecurity risk assessment is the process of identifying, analyzing, and evaluating potential threats and vulnerabilities to an organization’s information systems and data. It involves assessing the likelihood and impact of various cyber threats, such as malware, phishing attacks, or data breaches, to determine the overall risk level. Organizations use this assessment to prioritize their security efforts, allocate resources effectively, and implement appropriate safeguards to mitigate identified risks. For example, an organization might conduct a risk assessment to discover weak points in their network security, such as outdated software or inadequate access controls. Based on the findings, they can develop a targeted action plan to update software, strengthen passwords, and enhance employee training on cybersecurity best practices. By regularly conducting risk assessments, organizations can stay ahead of emerging threats and maintain a robust security posture.

A team of San Diego Cyber Clinic graduate students from two universities supported a research center focused on chronic disease risk and health inequities in Latino communities. They assessed internal systems, cloud integrations, and network segmentation, then conducted vulnerability scanning and manual testing—moving from discovery to validated risks and actionable recommendations. A key feature was the experiential learning model, where one student team observed another performing advanced testing and translating findings into compliance-aligned recommendations, fostering mentorship and real-world collaboration. The project concluded with prioritized recommendations on vulnerabilities, access controls, monitoring, and security awareness, demonstrating the value of scalable, multi-university collaboration.
Cybersecurity incident response planning involves creating a structured approach for identifying, managing, and mitigating the impact of security incidents, such as data breaches or cyberattacks. This plan outlines the roles, responsibilities, and procedures that an organization must follow during an incident to minimize damage, recover quickly, and prevent future occurrences. An organization uses this plan to ensure a swift and efficient response to security threats. For instance, if a data breach occurs, the incident response plan would guide the team in isolating affected systems, notifying stakeholders, investigating the breach, and restoring normal operations. By having a well-defined incident response plan, organizations can reduce downtime, protect sensitive information, and maintain customer trust and regulatory compliance.

A San Diego Cyber Clinic student team delivered a comprehensive Incident Response and Handling Plan for a space and defense contractor operating under strict federal cybersecurity requirements. The plan provided a robust and manageable framework for responding to any information systems incident that could disrupt operations or compromise sensitive data. It addressed the full incident lifecycle, including preparation, detection, containment, eradication, recovery, and post-incident review, with clear roles, responsibilities, and escalation paths defined across the organization. By aligning the plan with DFARS, NIST, and NISPOM requirements, the engagement helped the firm meet contractual and regulatory obligations while improving its ability to respond quickly and consistently to real threats.
Disaster recovery planning involves creating a comprehensive strategy to restore critical business operations and IT systems after a significant disruption, such as a natural disaster, cyberattack, or hardware failure. This plan details the procedures and resources needed to recover data, maintain communication, and resume normal operations as quickly as possible. An organization uses disaster recovery planning to ensure business continuity and minimize downtime during unexpected events. For instance, if a cyberattack cripples the organization’s network, the disaster recovery plan would guide the team in activating backup systems, restoring data from secure backups, and communicating with employees and customers about the status and steps being taken. By having a robust disaster recovery plan, organizations can safeguard their assets, reduce financial losses, and maintain operational stability and customer trust.

A team of five San Diego Cyber Clinic students conducted a comprehensive cybersecurity assessment for a local Municipal Water District. The project encompassed a range of activities to strengthen the security of the district, including social engineering exercises, penetration testing, and a targeted phishing campaign to evaluate staff awareness. In addition to identifying vulnerabilities, the students developed essential documentation to support the district’s cybersecurity posture, including an Incident Response Plan, Disaster Recovery Plan, and Business Continuity Plan. By integrating these components, the project not only uncovered risks but also provided a roadmap for the district to enhance its resilience against cyber threats.
A project to design and recommend the implementation of security controls uses a cybersecurity risk assessment to develop a tailored security framework to address identified vulnerabilities and threats. This project develops or uses a cybersecurity risk assessment gap analysis to pinpoint weaknesses and potential attack vectors. Based on these findings, specific security controls—such as firewalls, intrusion detection systems, encryption protocols, and access management solutions—are designed and recommended to bolster the organization’s defenses. The project also includes creating detailed implementation plans, timelines, and resource allocations, along with recommendations for monitoring and maintaining the effectiveness of the security controls. By executing this project, the organization aims to enhance its overall security infrastructure, ensuring robust protection against cyber threats and compliance with relevant regulations.

During a semester-in-residence, a San Diego Cyber Clinic student supported a sporting goods manufacturer to improve user access governance and digital risk management. The project focused on protecting digital identities—one of the most common targets for attackers—by improving how access to systems and data is controlled. During the project, the student supported efforts to limit unnecessary administrative privileges on company computers, reducing the risk that attackers could gain elevated access. The project also contributed to tracking and prioritizing cybersecurity risks through updates to a centralized risk register, helping the organization better understand and manage threats. Together, this work highlights how proactive identity protection and risk management can significantly reduce exposure to cyber incidents while supporting efficient day-to-day operations.
A penetration test project involves simulating cyberattacks on an organization’s IT systems to identify and exploit vulnerabilities before malicious actors can do so. The project begins with defining the scope, including the systems, networks, and applications to be tested. Clinic students then use various techniques and tools to probe for weaknesses, such as unpatched software, misconfigurations, or weak passwords. The findings are documented in a comprehensive report detailing each vulnerability, its potential impact, and recommendations for remediation. The goal of the penetration test is to provide the organization with actionable insights to strengthen its security posture, address identified weaknesses, and protect against real-world cyber threats.

An OSINT threat surface assessment involves systematically collecting and analyzing publicly available information to identify and evaluate potential vulnerabilities and threats to an organization’s digital presence. The project begins with defining the scope, including the organization’s online assets such as websites, social media profiles, and publicly accessible systems. OSINT tools and techniques are then used to gather data from various sources like forums, social media, news sites, and databases. This data is analyzed to uncover exposed sensitive information, misconfigurations, and signs of potential threats such as phishing campaigns or planned cyberattacks. The assessment results in a detailed report outlining identified risks, their potential impact, and actionable recommendations to mitigate these threats. By conducting an OSINT threat surface assessment, the organization gains valuable insights into its external exposure and can proactively enhance its security measures to protect against identified vulnerabilities.

A team of San Diego Cyber Clinic students delivered a comprehensive cybersecurity assessment for a small manufacturer with limited existing security infrastructure. The team examined how the company’s systems, networks, and online presence could be exposed to cyber threats and identified practical ways to reduce risk without requiring large investments or specialized staff. The assessment found opportunities to better protect business systems, keep software up to date, limit unauthorized access, and prepare for incidents such as ransomware or data breaches. The project concluded with clear, actionable recommendations—such as employee security awareness training, stronger login protections, and basic recovery planning—giving the business a straightforward roadmap to improve its security and resilience.
A CMMC (Cybersecurity Maturity Model Certification) readiness assessment is the process of evaluating an organization’s cybersecurity practices against the CMMC framework requirements to identify compliance gaps. It involves examining existing security controls, documentation, and processes to determine which areas meet CMMC standards and which require improvement. Organizations use this assessment to understand their current security posture and develop a roadmap for certification. For example, a defense contractor might conduct a readiness assessment to evaluate their compliance with Level 1 practices, such as access control and identification protocols. Based on the findings, they can prioritize remediation efforts, implement missing controls, and develop required documentation. This service provides support for Level 1 self-assessments and helps organizations prepare for higher-level assessments, though it does not include official CMMC accreditation or attestation.

When new federal cybersecurity rules threatened to disrupt a small defense supplier’s ability to continue working with the U.S. Department of Defense, they turned to the San Diego Cyber Clinic for help. Clinic students partnered with the company to interpret and prepare for the new Cybersecurity Maturity Model Certification (CMMC). The team reviewed their systems, identified gaps, and translated complex government standards into clear, practical steps the company could take—such as documenting security practices, strengthening internal controls, and creating formal policies. The collaboration helped the defense supplier build a realistic path toward compliance while giving students hands-on experience applying cybersecurity and compliance concepts within a real small-business environment.
CMMC documentation support involves creating and organizing the policies, procedures, and evidence required to demonstrate compliance with CMMC certification requirements. This service helps develop System Security Plans (SSPs), document security control implementations, and establish other required documentation tailored to the specific CMMC level being pursued. For instance, if an organization needs to document their access control policies for CMMC Level 1, the service can help create appropriate documentation that outlines the policies, implementation details, and evidence of compliance. Through proper documentation, organizations can streamline their certification process and demonstrate their commitment to cybersecurity best practices while meeting regulatory requirements.

Cybersecurity policy development and recommendations for implementation involve creating a comprehensive set of guidelines and protocols to protect an organization’s information assets and ensure compliance with regulatory standards. Based on the organization’s existing security program along with regulatory and compliance requirements, detailed policies covering areas such as data protection, access control, incident response, and employee training are crafted. These policies are designed to address identified risks and provide clear instructions for maintaining security across the organization. Recommendations for implementation include steps for integrating these policies into daily operations, ensuring staff awareness and compliance through training programs, and establishing mechanisms for regular review and updates. This approach ensures a proactive and structured method to safeguard the organization’s digital assets and maintain robust cybersecurity practices.

A team of San Diego Cyber Clinic students helped a city government review and update its cybersecurity program. The project involved conducting a gap analysis to ensure the program aligns with NIST standards, followed by developing or revising policies as needed. Additionally, the project included providing implementation recommendations to ensure the policies and standards are practical and actionable. To prepare, the student team gained proficiency in NIST cybersecurity standards, cybersecurity assessment tools, and project management. This hands-on project offered students valuable, real-world experience across several critical areas of cybersecurity, helping them develop skills that will benefit their future careers while addressing the security needs of the community.
AI risk management helps organizations understand and reduce the risks that come with using artificial intelligence tools. Just like other technology, AI can make mistakes, be misused, or be targeted by cyberattacks—and those issues can hurt your operations, your compliance with laws, or your reputation. Our process starts by looking at how your organization uses AI—whether that’s for automating tasks, making decisions, or analyzing data. Using trusted guidelines like the NIST AI Risk Management Framework, we identify where problems could occur—such as bias in results, over-reliance on automation, or security weaknesses—and pinpoint specific AI-related threats to your organization, like deepfake misuse, data leaks, or manipulation of AI-generated outputs. Then, we give you a clear, prioritized plan to address those risks. Depending on your needs, the Clinic can also work with your team to develop clear AI policies that set expectations for responsible and safe use of AI in your organization. And, we can help design AI use cases that align with your mission and goals, so you can take advantage of AI’s benefits while minimizing potential downsides. For example, if a nonprofit is using AI to screen applications, we might recommend steps to ensure fair results, add human review, and protect sensitive data. The goal is to make sure your AI tools are safe, fair, and reliable—so they help your mission, not create new problems.

A San Diego Cyber Clinic graduate project examined how advances in AI are reshaping cybersecurity risks for critical infrastructure systems. The engagement focused on environments such as industrial control systems and other cyber-physical platforms, where AI-enabled threats can increase attack speed, scale, and impact. Rather than viewing AI only as a defensive tool, the project treated AI itself as a risk factor requiring formal assessment and governance. Using a structured risk modeling approach, the analysis identified how AI-driven attacks could bypass traditional controls, accelerate decision-making beyond human response timelines, and introduce systemic risks with cascading consequences. The project emphasized governance and resilience over tool-specific solutions, highlighting the need to integrate AI considerations into enterprise risk registers, incident response planning, and critical infrastructure protection strategies.
A security awareness training project aims to educate employees about cybersecurity best practices and the importance of maintaining a secure digital environment. The project begins with an assessment of the organization’s current security awareness levels and identifies key areas where knowledge gaps exist. Based on this assessment, a tailored training program is developed, encompassing topics such as recognizing phishing attempts, creating strong passwords, safe internet browsing, and responding to security incidents. The training is delivered through various methods, including workshops, e-learning modules, and interactive sessions, to ensure engagement and retention. The project also includes regular evaluations to measure the effectiveness of the training and updates to the program to address emerging threats. By enhancing employees’ awareness and understanding of security risks, the organization aims to create a culture of security mindfulness, significantly reducing the likelihood of successful cyberattacks.

A team of San Diego Cyber Clinic students developed a strategic plan for a virtual cybersecurity education initiative designed to improve digital safety for underserved populations. The team focused on addressing online abuse, coercive control, and manipulation by creating accessible, trauma-informed cybersecurity education delivered through a virtual platform. The project outlined the scope, timeline, and objectives for building the product, emphasizing partnerships, inclusive design, and mission-aligned outreach. Rather than focusing solely on technical defenses, the initiative positioned cybersecurity as a tool for empowerment and personal safety. This project is notable for its human-centered approach, expanding the traditional definition of cybersecurity education and demonstrating how security knowledge can be applied to social impact and community resilience.
A cybersecurity hygiene program performance indicators and metrics evaluation project involves assessing the effectiveness of an organization’s cybersecurity practices by analyzing key performance indicators (KPIs) and metrics. The project begins with identifying critical KPIs and metrics that align with the organization’s security objectives, such as the number of detected vulnerabilities, patch management efficiency, incident response times, and employee adherence to security protocols. Data is then collected from various sources, including security tools, incident logs, and compliance audits, to measure these indicators. The analysis involves comparing current performance against benchmarks and identifying trends, gaps, and areas for improvement. The findings are summarized in a comprehensive report, offering insights into the strengths and weaknesses of the current cybersecurity hygiene program and providing recommendations for enhancing its effectiveness. This evaluation enables the organization to continuously improve its security posture by making data-driven decisions and implementing targeted improvements.

A team of San Diego Cyber Clinic students conducted an external cybersecurity maturity assessment for a multi-site healthcare organization with internet-facing systems and third-party integrations. The team assessed perimeter defenses, exposed assets, and integration risks to identify vulnerabilities that could be exploited by external attackers. The engagement emphasized proactive risk identification rather than reactive incident response, evaluating how well existing controls mitigated threats targeting externally accessible systems. The final deliverable provided clear findings and prioritized remediation guidance designed to strengthen defensive posture and reduce exposure to common attack vectors.
A cybersecurity product evaluation project involves systematically assessing various cybersecurity solutions to determine their suitability for an organization’s specific needs. The project begins with defining the organization’s security requirements and criteria for evaluation, such as performance, scalability, ease of integration, and cost-effectiveness. A shortlist of potential products is then created, and each product undergoes rigorous testing in a controlled environment to evaluate its features, capabilities, and effectiveness in mitigating identified threats. The evaluation includes hands-on testing, performance benchmarking, and compatibility checks with existing systems. The findings are compiled into a detailed report, highlighting the strengths and weaknesses of each product and providing recommendations for the best-fit solution. This project ensures that the organization selects a cybersecurity product that not only meets its current needs but also supports its future security strategy and objectives.

A San Diego Cyber Clinic student completed a semester-in-residence project with a global cybersecurity firm that helps organizations monitor and respond to cyber threats around the clock. The project focused on building a tool to help cybersecurity analysts work more efficiently by automating repetitive steps they perform during security investigations. By reducing time spent on routine tasks, the tool allows analysts to focus more on understanding threats and making accurate decisions. As a result, analysts can respond to incidents faster and handle more alerts without sacrificing quality, improving overall security for clients. The tool has since been deployed across the company worldwide and continues to be updated, demonstrating how practical automation can improve cybersecurity operations without replacing human expertise.
A sector-based cybersecurity threat intelligence briefing involves delivering targeted, industry-specific insights into the latest cyber threats and trends affecting a particular sector, such as finance, healthcare, or energy. The project begins with comprehensive research and analysis of current threat landscapes, leveraging sources such as threat intelligence feeds, industry reports, and expert analyses. The briefing is tailored to address the unique risks and vulnerabilities pertinent to the sector, highlighting recent incidents, emerging threats, and the tactics, techniques, and procedures (TTPs) used by adversaries. This information is synthesized into a clear, actionable report or presentation, offering practical recommendations for mitigating identified risks and enhancing the sector’s cybersecurity posture. By providing a sector-focused threat intelligence briefing, organizations within the industry can better understand their specific threat environment, make informed security decisions, and strengthen their defenses against sector-targeted cyber threats.

San Diego Cyber Clinic student teams, working with the National Elder Fraud Coordination Center, delivered community scam-awareness briefings, tabling outreach, flyers, and extended Q&A sessions to help senior citizens recognize and respond to evolving fraud tactics. Across two semesters, students translated scam trends into practical guidance on phone, text, email, and social media scams, impersonation and phishing attempts that create urgency or fear, suspicious links and messages that appear legitimate, and AI- and deepfake-enabled deception. The interactive format gave seniors space to share experiences, ask about suspicious situations, and receive actionable advice on how to pause, verify, report, and seek trusted support before sharing money or personal information.
If you are interested in working with students and instructors to address your organization’s cybersecurity challenges, then complete the following form and we will connect you with resources to support your needs.
Interested in supporting the clinic? Sponsors, mentors and students welcome!
Want to start a clinic in your region? The Consortium of Cybersecurity Clinics helps new clinics across the globe.