Techcafeteria’s approach to security assessments is based on the NIST 800-171 and 800-53 frameworks, supplemented by additional questions based on our knowledge of best security practices for nonprofits. The combined framework is broken into 16 sections, listed below. Each section contains from 2 to 25 controls, which are automated or human-initiated processes that could potentially be compromised. Altogether, the framework provides a comprehensive list of areas of risk.
For the assessment, Techcafeteria will interview key staff with knowledge of the operations in the 16 areas. Those staff usually include IT, Finance, HR, Legal, and Communications staff, although, depending on your organization’s configuration, others might be involved. The NIST 800-171 language is highly technical, so Techcafeteria uses a custom questionnaire that reformats the NIST language into more easily understood questions.
The assessment report will identify where your organization is in compliance with the framework and where there are gaps. The report will include detailed recommendations with budget and resource estimates. Rounding out the report is a remediation plan with prioritized items to be addressed and high-level guidance on how they might be resolved. In addition to the detailed written report, Techcafeteria will provide a summary deck of slides to share with staff.
The NIST guidelines were developed with Federal agencies in mind. Techcafeteria understands that nonprofits are resourced very differently from such agencies. Our remediation guidance factors in the realities of a nonprofit budget and staffing, weighs that against the risks, and offers achievable remediation options that can be accomplished within your budget and available resources.
Security Policy Development
The most secure nonprofits are the ones that value the information security of their clients and incorporate secure practices into their daily routines. That starts with adopting strong policies. Techcafeteria can guide you on developing the standard set of security policies that every organization should have in place.
Techcafeteria’s mission is to help nonprofits use technology to advance their work. We tailor our advice to fit the mission, strategy, culture, and available resources of our clients.
If you are with a nonprofit or a similar organization working to improve lives, we’d love to hear about your technology challenges and see if we can either help you, or point you in the direction of someone who can. Just fill out this form and you’ll hear back from us.