Frequently Asked Questions
Q. Why should my organization participate?
In addition to receiving a free risk assessment for your organization, the data gathered will establish a baseline to guide future planning, policies, and expenditures to strengthen the state’s critical infrastructure assets. This could yield additional state-provided resources and tools for your organization.
Q. We don’t have a cybersecurity person on staff. Can someone help us answer the questions?
Yes! Cyber Florida has a network of staff and volunteers available to assist organizations in completing the assessment. They can connect virtually or in person to help you submit your assessment. Complete the contact form above to request assistance.
Q. We’ve completed a risk assessment with a third-party vendor, why should we complete our CI risk assessment?
You may have completed a risk assessment with a third-party vendor, but you will not be included in the overall Florida critical infrastructure risk score, which may impact the policies and potential funding for Florida critical infrastructure. The survey is short and easy to use. You will not be asked to provide any information that will reveal protected company details, your information will be strictly protected as critical infrastructure information.
Q. We’ve completed a risk assessment with the CSET tool, why should we complete another one?
Within the CSET tool, there are a variety of options based on the type of standard being measured. For this reason, we ask all critical infrastructure owners/operators to participate in the survey to be counted and heard so the leaders of Florida can get as accurate a picture as possible to guide Florida’s future investments to make Florida a safe and secure state to live, work, and play.
Q. How is the data gathered protected?
The data is gathered anonymously and stored on physical servers at the University of South Florida. The University of South Florida uses the NIST Cybersecurity framework to manage its technical and administrative controls. The university has a complete set of security policies, procedures, and standards based on the NIST 800-171 security guidelines. In addition to these administrative controls, the university employs a great number of technical controls including but not limited to: A number of physical and cloud-based Pal Alto Firewalls, the complete Microsoft Defender Stack of products including EDR, Beyond Trust Privileged access management, Microsoft MFA, Splunk for Enterprise Security SIEM, and regular penetration tests and risk assessment performed by both internal staff, state auditors, and 3rd party companies.
The University of South Florida is a Carnegie Research-1 University with numerous federal grants dealing with Medical, Personal, and DoD restricted non-classified data that is secured and monitored 24/7 by USF staff as well as two external SOCs.
Still have a question or need assistance? Please submit the form below and a team member will contact you shortly.