UGA CyberArch

Services

UGA CyberArch provides a cybersecurity risk review service for partner organizations in Georgia. Partners include K-12 school districts, local governments, rural hospitals, and small businesses. The service is free of charge, and provides a total value of approximately $60,000 to $180,000 from seven teams working over a semester.

The cybersecurity risk review service consists of three phases:

• Phase 1: Initial Assessment. The student interns, working in teams of four, review a series of risk questions to understand the current cybersecurity situation of the partner organization. The questions cover topics such as policies, procedures, training, hardware, software, network, data, and incident response.
• Phase 2: Site Visit. The student interns visit the partner organization to observe their operations, interview key personnel, and collect additional data. The visit helps the interns validate and supplement the information gathered in the initial assessment.
• Phase 3: Final Report. The student interns analyze the data collected and prepare a final report that includes recommendations to enhance the cybersecurity posture of the partner organization. The report is presented to the partner organization and the UGA CyberArch faculty and staff.

The cybersecurity risk review service benefits both the partner organizations and the student interns. The partner organizations receive a comprehensive and confidential assessment of their cybersecurity strengths and weaknesses, as well as actionable suggestions to improve their security. Through hands-on experience in conducting a cybersecurity risk review, student interns gain valuable skills that help them pursue cybersecurity careers.

Organizations interested in risk reviews should fill out our Contact form .

Upcoming Webinars

• From Crisis to Control: Optimizing Incident Response
  Wednesday, Nov 13, 2024 | 11 a.m. - noon
  Register
• Closing the Cybersecurity Loop: A Comprehensive CIS Controls Overview
  Wednesday, Dec 11, 2024 | 11 a.m. - noon
  Register

Past Webinars

• The Human Firewall: Enhancing Security through Awareness Training
  Wednesday, Oct 16, 2024
  

  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), covers the vital importance of CIS Control 14 (Security and Awareness Skills Training) and how ongoing, tailored training equips employees to recognize and respond to evolving threats like phishing and social engineering. He highlights the need for real-world scenarios and interactive exercises to reinforce skills. He also discusses the importance of regular assessments to ensure the effectiveness of training programs, helping organizations foster a security-aware culture and strengthen their defenses.
  View webinar recording

• Unlocking Lost Data: Strategies for Successful Data Recovery
  September 18, 2024
  

  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), covers the vital importance of CIS Control 11 (Data Recovery) and how a well-executed data recovery strategy safeguards organizations from data loss caused by hardware failures or accidental deletions. He highlights the need for frequent testing of backups and automating processes to ensure quick and seamless restoration. He also discusses the importance of having accessible backups to minimize downtime and maintain business continuity.
  View webinar recording

• Strengthening Your Digital Perimeter: Strategies Against Malware Threats
  August 21, 2024
  

  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), covers the critical significance of CIS Control 10 (Malware Defenses) and the proactive measures organizations can take to protect their systems from malware infections. He emphasizes the importance of deploying robust antivirus solutions, regularly updating malware definitions and configuring systems to automatically quarantine or remove detected threats.
  View webinar recording

• Fortifying Digital Gates: Email and Browser Defense Strategies
  July 17, 2024
  

  Sarah Day, Senior Cybersecurity Controls Engineer for the Center for Internet Security (CIS), covers CIS Control 9 (Email and Web Browser Protections) and how crucial they are for safeguarding systems and data. She discusses implementing email filtering and anti-phishing measures, deploying web content filtering to block access to malicious websites and ensuring email and web browser software are regularly updated to address security vulnerabilities.
  View webinar recording

• Uncovering Risks: The Power of Continuous Vulnerability Management
  June 18, 2024
  

  Sarah Day, Senior Cybersecurity Controls Engineer for the Center for Internet Security (CIS), covers CIS Control 7 (Continuous Vulnerability Management) and how crucial it is for maintaining the security of systems and data. Day explained foundational vulnerability management concepts, including communicating the vulnerability management lifecycle, continuously scanning systems for vulnerabilities, prioritizing the remediation of high-risk vulnerabilities, patching systems promptly and implementing processes to address newly-discovered vulnerabilities in a timely manner. She also introduced free resources and low-cost tools to help deal with vulnerabilities in an enterprise.
  View webinar recording

• Securing Digital Assets: Account & Access Control Best Practices
  May 15, 2024
  Sarah Day, Senior Cybersecurity Controls Engineer for the Center for Internet Security (CIS), delves into the critical significance of CIS Control 5 (Account Management) and CIS Control 6 (Access Control Management). She explores the best practices for creating, managing and securing user accounts while implementing strong password policies and multi-factor authentication to ensure only authorized access. Day also dives into the importance of defining and enforcing access control policies, implementing role-based access controls (RBAC) and monitoring user access to protect an organization's sensitive data and mitigate the risk of insider threats.
  View webinar recording

• Navigating Secure Configurations: Shielding Software and Enterprise Assets
  April 17, 2024
  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), discusses the critical significance of CIS Control 4 (Secure Configuration of Enterprise Assets and Software). He emphasizes enhancing your organization's security posture through effective management of firewalls, session locking, and default accounts, minimizing vulnerabilities, and fortifying access controls. Implementing Control 4 forms an integral part of a comprehensive cybersecurity strategy, reducing the risk of security breaches and potential attack surfaces.
  View webinar recording

• Stay Secure: Elevating Your Data Protection
  March 20, 2024
  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), examines the critical significance of CIS Control 3 (Data Protection). He elaborates on how Control 3 ensures the safeguarding of sensitive data through measures such as encryption, access controls, and data handling protocols. Franklin emphasizes how implementing Control 3 forms an integral part of a comprehensive cybersecurity strategy, fortifying defenses against data breaches and unauthorized access.
  View webinar recording

• Security Synergy: Mastering Asset Controls in Hardware and Software
  February 21, 2024 
  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), and Sarah Day, Senior Cybersecurity Controls Engineer for the Center for Internet Security (CIS), break down the importance of CIS Control 1 (Inventory and Control of Enterprise Assets) and Control 2 (Inventory and Control of Software Assets). They discuss how Controls 1 and 2 provide a robust foundation for cybersecurity by establishing visibility and control over your IT assets.
  View webinar recording

• Decoding the CIS Controls Webinar
  January 17, 2024
  Joshua Franklin, Senior Security Engineer at the Center for Internet Security (CIS), discusses general information regarding CIS controls and how they relate to cybersecurity and how they are used.
  View webinar recording

• Is Your Government Cyber Aware? Webinar
  This hourlong session highlights the story of one local government’s encounter with hackers and offers resources and guidance should something similar happen in your community. During the session, Zach Propes, assistant county administrator in Hall County, shares lessons from surviving a cyberattack. 
  View webinar recording

Student Involvement

Students are vital to UGA CyberArch! The program involves student interns working in teams of four. They conduct a cybersecurity risk review, make a site visit, and create a final report with recommendations to improve an organization’s cybersecurity posture. 

In addition to learning about cybersecurity best practices, UGA CyberArch interns gain valuable skills that help them pursue cybersecurity careers.

Visit the CyberArch Internships page for more about our intern program.

Collaboration

UGA CyberArch collaborates with a number of UGA Public Service and Outreach units as well as academic departments and colleges across the University.  

•  The Center for Internet Security (CIS)
• The UGA Small Business Development Center (SBDC)
• The UGA Archway Partnership
• The UGA Center for Continuing Education & Hotel
• Women in Cybersecurity (WiCyS) - UGA Chapter

Contact Us

Log In

Click here to log in.