Invitation to Cybersecurity

Table 5.3 Partial NIST CSF audit checklist³ (table contents not reproduced here)

To provide even more evidence of a secure cyber posture, a penetration test (pentest) may be performed. A pentest (discussed in Chapter 3) is an active probing of the cybersecurity defenses of an organization for the purpose of improving security. Pentests go beyond just confirming the presence of cybersecurity best practices by actively testing their effectiveness.

Vulnerability assessments are another way to measure the cybersecurity of an organization. A vulnerability assessment is a scan for known vulnerabilities on a computer system or network. Such scans can be automated to produce regular reports and alerts for cybersecurity personnel to review and address. Vulnerability scanners draw from a continually updated catalog of discovered vulnerabilities. While not as in-depth as pentests, they are much less expensive, can be performed frequently, and still provide valuable insights.

In addition to NIST, the Cybersecurity and Infrastructure Agency (CISA) is a United States government agency devoted to the cyber defense of our nation. Its cybersecurity mission is “to defend and secure cyberspace by leading national efforts to drive and enable effective national cyber defense, resilience of national critical functions, and a robust technology ecosystem.”⁴ CISA was formally established in 2018 as a component of the Department of Homeland Security (DHS). CISA not only works with government agencies, but also partners with the private sector, sharing information about threats, providing risk management guidance, and promoting best practices. DHS also houses the United States

³ Source: NIST Computer Security Resource Center Cybersecurity and Privacy Reference Tool
⁴ cisa.gov website. Cybersecurity Division - Mission. Retrieved June 2025.
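The vulnerability assessment described above (an automated check of installed software against a catalog of known vulnerabilities, producing findings for staff to review) can be illustrated with the following added example. It is not code from the book; the inventory, the catalog, and the advisory identifiers in it are constructed for illustration, and the example compares versions numerically so that a version such as 1.1.10 is not mistaken for an affected 1.1.x release.

```python
# Added example (not from the book): a minimal vulnerability-assessment pass.
# An inventory of installed software is checked against a catalog of known
# vulnerable version ranges; each match becomes a finding to review and address.
# Inventory, catalog, and advisory ids below are constructed, not real advisories.

def parse_version(v):
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically, not as strings.
    Assumes purely numeric dotted versions, as in the constructed data below."""
    return tuple(int(p) for p in v.split("."))

# Constructed catalog: product -> list of (first_affected, first_fixed, advisory_id, severity).
# A host is affected if first_affected <= installed < first_fixed.
CATALOG = {
    "examplehttpd": [("2.4.0", "2.4.50", "ADV-EX-0001", "high")],
    "examplessl":   [("1.1.0", "1.1.9", "ADV-EX-0002", "critical"),
                     ("3.0.0", "3.0.2", "ADV-EX-0003", "medium")],
}

def assess(inventory, catalog=CATALOG):
    """Return findings as (host, product, version, advisory_id, severity) tuples."""
    findings = []
    for host, product, version in inventory:
        installed = parse_version(version)
        for first_affected, first_fixed, advisory, severity in catalog.get(product, []):
            if parse_version(first_affected) <= installed < parse_version(first_fixed):
                findings.append((host, product, version, advisory, severity))
    return findings

def report(findings):
    """Count findings per severity so the resulting alerts can be prioritised."""
    counts = {}
    for finding in findings:
        severity = finding[4]
        counts[severity] = counts.get(severity, 0) + 1
    return counts

# Constructed inventory: (hostname, product, installed version)
INVENTORY = [
    ("web01", "examplehttpd", "2.4.49"),  # inside the affected range
    ("web02", "examplehttpd", "2.4.50"),  # first fixed version: not affected
    ("db01",  "examplessl",   "1.1.10"),  # newer than 1.1.9; a string compare would flag it wrongly
    ("app01", "examplessl",   "3.0.1"),   # inside the second affected range
    ("app02", "unlistedtool", "0.9"),     # product not in the catalog: no finding
]

if __name__ == "__main__":
    for finding in assess(INVENTORY):
        print("FINDING: host=%s %s %s -> %s (%s)" % finding)
    print("summary by severity:", report(assess(INVENTORY)))
```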
