Educause Security Discussion mailing list archives
Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services
From: "Hillhouse, Bob (Bob)" <bob () UTK EDU>
Date: Fri, 3 Sep 2021 14:08:19 +0000
@Lorna – I can see a concern over perception but they are only looking at public facing structure anyway. There are already Government agencies monitoring public network traffic. Are they concerned because the agency is collecting the information and reporting on it? Or, have they given you any context for the concern? -- Bob Hillhouse, CISSP Associate CIO & CISO Phone: (865) 974-8445 The University of Tennessee, Knoxville bob () utk edu From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Koppel, Lorna <Lorna.Koppel () TUFTS EDU> Date: Friday, September 3, 2021 at 10:03 AM To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Hi Everyone, I too am interested in trying their services. I ran into concerns from legal and others about the perception of having a government agency looking at our network especially with people being nervous about immigration. Anyone else dealt with that? Thanks, Lorna Lorna L. Koppel Director of Information Security Office of Information Security (OIS) Tufts University 169 Holland Street<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fmail%2Fdeeplink%2Fcompose%2FAAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI%252B34CAAA%253D%3Fversion%3D2019123003.04%26popoutv2%3D1&data=04%7C01%7Cbob%40UTK.EDU%7Ce34d14ea071d406b6f6708d96ee39e9d%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C637662746171764641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SpGrnyPpfUnQ2QBjW0AQ5RL9GT%2BYdLOZ2rGXJ4D5bfs%3D&reserved=0> Somerville, MA 02144<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fmail%2Fdeeplink%2Fcompose%2FAAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI%252B34CAAA%253D%3Fversion%3D2019123003.04%26popoutv2%3D1&data=04%7C01%7Cbob%40UTK.EDU%7Ce34d14ea071d406b6f6708d96ee39e9d%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C637662746171764641%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SpGrnyPpfUnQ2QBjW0AQ5RL9GT%2BYdLOZ2rGXJ4D5bfs%3D&reserved=0> Phone: 617.627.0885 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valerie Smith Sent: Friday, September 3, 2021 10:02 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Hi Vince, We've used it for almost a year now and we really like it. It's essentially just Nessus but they send a weekly pdf report with good info, charts, and graphs (the original Nessus data is embedded as an attachment in the appendix too). I've used their graphs in reports to management. And being able to say "DHS says this is a critical vulnerability" has helped get people to act a little quicker with remediations than they may have otherwise. ;) Also they send an annual report of aggregated, anonymized vuln data from across higher ed so that you can see how your institution compares against the average. Let me know if you have other questions or there's anything else I can help with regarding this topic. Thanks, Val Valerie Smith, CISSP (she/her) Sr. Information Security Analyst SUNY Geneseo vsmith () geneseo edu<mailto:vsmith () geneseo edu> On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu<mailto:vbonura () fordham edu>> wrote: Good morning, All! I am writing to inquire whether anyone is taking advantage of the Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services? We became aware of it recently and are considering signing up. Since it’s a free service, and another way to test the vulnerabilities of your publicly accessible networks, it seems like a no-brainer. But we are curious who is/has used it and what you thought of their findings. Thanks in advance! Vince Bonura IT Risk Analyst Fordham University (718) 817-1875 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cbob%40UTK.EDU%7Ce34d14ea071d406b6f6708d96ee39e9d%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C637662746171774597%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BECenSc14vEJGDG4TIu9xWEsy8PS6xxM9KsUPLF5cfE%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cbob%40UTK.EDU%7Ce34d14ea071d406b6f6708d96ee39e9d%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C637662746171774597%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BECenSc14vEJGDG4TIu9xWEsy8PS6xxM9KsUPLF5cfE%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cbob%40UTK.EDU%7Ce34d14ea071d406b6f6708d96ee39e9d%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C637662746171784552%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8OqyMaffAFN7B8UoiIHeP0W8bcPc9W3mGTswUJXx1C8%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Vince Bonura (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Brian Cornell (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Powell, Andy (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services La Grew, Jesse S (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Kevin Ledbetter (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Sean Hagan (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services La Grew, Jesse S (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Valerie Smith (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Koppel, Lorna (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Hillhouse, Bob (Bob) (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Koppel, Lorna (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Shannon Ortiz (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Ken Connelly (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Kevin Ledbetter (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Davis, Ken (Sep 03)
- Re: [EXTERNAL] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Nelson, Leonard (Sep 05)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Thomas Dugas (Sep 07)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services David Allen (Sep 08)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Valerie Smith (Sep 08)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Chester, Heather (Sep 09)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Koppel, Lorna (Sep 03)