You are here
What is NCSS CARES? The NCSS Cybersecurity Assessment and Resiliency Evaluation for Small Business (CARES) was adapted from the cybersecurity framework developed through a partnership between the National Institute for Standards and Technology and the private sector. It is a free assessment methodology for small business.
NCSS recommends small businesses take the survey to determine their cyber risk; sign up for a NCSS membership; and request a remediation plan tailored to their specific industry and risk. With membership, the business will receive daily threat reports, weekly cyber tips and monthly how-to-guides and webinars on how to implement a specific cyber business practice.
The CARES questions were derived from industry feedback and selected based upon NCSS educational tracts. CARES is a survey that translates the framework into a useful action plan – tailored to the specific needs of the small business.
For a complete mapping of the questions to the framework, and other industry standards, see our link below under “How-To”.
When I become a member of the NCSS am I protected against a cyber attack?
Note: no person or company is 100% safe from a cyber incident, however as a member of our community your company will have access to tools to help protect you from cyber crime.
No, the NCSS does not provide cybersecurity services nor do we provide tools for you to protect your networks and data.
However, NCSS does provide you information so that you can obtain these services from the private sector as an informed consumer. We also provide educational materials for you and your employees in order to stay safe on line.
How much does it cost to become a member with the NCSS? Is that a one-time payment?
We ask for a yearly donation of $375 per company. This membership fee provides you access to all the materials we offer, such as:
- On-line educational tools, webinars, videos and downloadable products
- Threat reports and alerts
- Annual SMB industry risk profile
- A Cyber Risk score of your cyber risk profile in order to understand how your company stacks up to other companies
- “Ask an Expert” services, so you have a professional to contact personally
- Remediation plans to the small business owners who complete the survey
- Recommendations on services and tools that address your remediation needs.
Will the NCSS be available 24 hours a day, in case my company detects a breach after hours?
Yes, however NCSS should not be the first entity your company calls.
We recommend your company develop a response plan that details the steps you should take if you expect a cyber intrusion/data breach.
NCSS provides education and templates on how to develop a response plan.
NCSS also has a “how to guide” on whom to call when you suspect a breach.
Can I join if I’m not a small business owner?
Yes, medium sized business can join as well, as well as non-profits, state and local agencies – no matter what industry you are in.
Will The NCSS provide online materials to better educate my employees, or to educate new employees to our current procedures?
Yes, the NCSS website will have up to date webinars, training courses and videos that will enable new employees or current ones to help stay up to date.
Do I need a certain amount of employees to become a member with the NCSS?
No, if you are the only employee in your company, you can join and benefit from our services.
How will my data be protected?
All business data about the SMB will be protected by the highest encryption methods both data in transit and data at rest. Data will be protected from NCSS staff and at the end of the calendar year, will be permanently destroyed. SMBs may request copies of NCSS audit data to demonstrate how we protect and secure your data. In the event a data breach occurs, the entity will be notified prior to any mandated public notification if required.
How do I know the technical and educational support is current?
Our community is comprised of information technology and security companies and those professionals focused on protecting the safety and security of the small business owner. These companies have contributed funds, technical advice and sponsor educational videos, webinars and conferences. Our technologists provide tools for scanning, remediation support and staff the “Ask the Expert” feature on our website. They ensure that the content and activities we provide to the small business owner is current, reliable and relevant. They represent the ‘best practices” in the industry and are committed to ensuring our digital economy is sustained.
I can’t find something I am looking for, is there anyone that can help?
Yes, we staff our on-line “Ask an Expert” feature. If you don’t see a how-to-guide” and/or need help with a specific technical question, we have leading technology experts who can help. Your questions assist us in improving our services, and if you see something that is missing, we can take your request for a future product. We are here to help and depend on your feedback to improve our services.
I am a cybersecurity professional, and I would like to help. How do I get involved?
Please contact us at firstname.lastname@example.org
We are continuously looking for technologists to help write content, develop how-to-guides, staff our “Ask-an-Expert” feature; give webinars, videos and other educational and training materials needed.