Educause Security Discussion mailing list archives

Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services


From: Shannon Ortiz <ortiz () FORDHAM EDU>
Date: Fri, 3 Sep 2021 10:57:01 -0400

The obvious response to your legal counsel is, they wouldn't be doing
anything bad actors AND the government aren't already doing now.  Unless
you let them in and scan your network.  We are only considering them to
scan us from an external perspective.

Shannon
__________________________________
Shannon L. Ortiz, CISSP, CISM, C|CISO
Fordham IT
Director of IT Security
ortiz () fordham edu
(718) 817-3799
__________________________________



On Fri, Sep 3, 2021 at 10:03 AM Koppel, Lorna <Lorna.Koppel () tufts edu>
wrote:

Hi Everyone,



I too am interested in trying their services.  I ran into concerns from
legal and others about the perception of having a government agency looking
at our network especially with people being nervous about immigration.
Anyone else dealt with that?



Thanks,

Lorna



*Lorna L. Koppel*

Director of Information Security

Office of Information Security (OIS)
Tufts University
169 Holland Street
Somerville, MA 02144
Phone: 617.627.0885

*From:* The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Valerie Smith
*Sent:* Friday, September 3, 2021 10:02 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Cybersecurity and Infrastructure Security
Agency(CISA) Cyber Hygiene scan services



Hi Vince,



We've used it for almost a year now and we really like it. It's
essentially just Nessus but they send a weekly PDF report with good info,
charts, and graphs (the original Nessus data is embedded as an attachment
in the appendix too). I've used their graphs in reports to management. And
being able to say "DHS says this is a critical vulnerability" has helped
get people to act a little quicker with remediations than they may have
otherwise. ;)



Also they send an annual report of aggregated, anonymized vuln data from
across higher ed so that you can see how your institution compares against
the average.



Let me know if you have other questions or there's anything else I can
help with regarding this topic.



Thanks,

Val


Valerie Smith, CISSP (she/her)

Sr. Information Security Analyst

SUNY Geneseo

vsmith () geneseo edu





On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu> wrote:

Good morning, All!



I am writing to inquire whether anyone is taking advantage of the
Cybersecurity and Infrastructure Security Agency (CISA) Cyber Hygiene scan
services?



We became aware of it recently and are considering signing up. Since it’s
a free service, and another way to test the vulnerabilities of your
publicly accessible networks, it seems like a no-brainer.



But we are curious who is using or has used it and what you thought of their
findings.



Thanks in advance!



Vince Bonura

IT Risk Analyst



Fordham University

(718) 817-1875

**********
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent the
message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at
https://www.educause.edu/community
