Educause Security Discussion mailing list archives
Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services
From: Shannon Ortiz <ortiz () FORDHAM EDU>
Date: Fri, 3 Sep 2021 10:57:01 -0400
The obvious response to your legal counsel is, they wouldn't be doing anything bad actors AND the government aren't already doing now. Unless you let them in and scan your network. We are only considering them to scan us from an external perspective. Shannon __________________________________ Shannon L. Ortiz, CISSP, CISM, C|CISO Fordham IT Director of IT Security ortiz () fordham edu (718) 817-3799 __________________________________ On Fri, Sep 3, 2021 at 10:03 AM Koppel, Lorna <Lorna.Koppel () tufts edu> wrote:
Hi Everyone, I too am interested in trying their services. I ran into concerns from legal and others about the perception of having a government agency looking at our network especially with people being nervous about immigration. Anyone else dealt with that? Thanks, Lorna *Lorna L. Koppel* Director of Information Security Office of Information Security (OIS) Tufts University 169 Holland Street <https://urldefense.proofpoint.com/v2/url?u=https-3A__outlook.office.com_mail_deeplink_compose_AAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI-252B34CAAA-253D-3Fversion-3D2019123003.04-26popoutv2-3D1&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=D9mKfAkQ-kGd1n3z1-R2FnprkO7dcO1aK3OgDqqjZcQ&m=Fs7pxfl3_a3pTuEAO31uEjBAoybE5reDES26bPaxNg0&s=U7zKQ9JOrRVtHf0QfnHYv76s5HeqEJjaL6F0cGygeQQ&e=> Somerville, MA 02144 <https://urldefense.proofpoint.com/v2/url?u=https-3A__outlook.office.com_mail_deeplink_compose_AAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI-252B34CAAA-253D-3Fversion-3D2019123003.04-26popoutv2-3D1&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=D9mKfAkQ-kGd1n3z1-R2FnprkO7dcO1aK3OgDqqjZcQ&m=Fs7pxfl3_a3pTuEAO31uEjBAoybE5reDES26bPaxNg0&s=U7zKQ9JOrRVtHf0QfnHYv76s5HeqEJjaL6F0cGygeQQ&e=> Phone: 617.627.0885 *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Valerie Smith *Sent:* Friday, September 3, 2021 10:02 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Hi Vince, We've used it for almost a year now and we really like it. It's essentially just Nessus but they send a weekly pdf report with good info, charts, and graphs (the original Nessus data is embedded as an attachment in the appendix too). I've used their graphs in reports to management. And being able to say "DHS says this is a critical vulnerability" has helped get people to act a little quicker with remediations than they may have otherwise. ;) Also they send an annual report of aggregated, anonymized vuln data from across higher ed so that you can see how your institution compares against the average. Let me know if you have other questions or there's anything else I can help with regarding this topic. Thanks, Val Valerie Smith, CISSP (she/her) Sr. Information Security Analyst SUNY Geneseo vsmith () geneseo edu On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu> wrote: Good morning, All! I am writing to inquire whether anyone is taking advantage of the Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services? We became aware of it recently and are considering signing up. Since it’s a free service, and another way to test the vulnerabilities of your publicly accessible networks, it seems like a no-brainer. But we are curious who is/has used it and what you thought of their findings. Thanks in advance! Vince Bonura IT Risk Analyst Fordham University (718) 817-1875 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=D9mKfAkQ-kGd1n3z1-R2FnprkO7dcO1aK3OgDqqjZcQ&m=Fs7pxfl3_a3pTuEAO31uEjBAoybE5reDES26bPaxNg0&s=iFoNAASdlL31d3P-xkeEi-gVBrZMz1BrvMuky4_GPjo&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=D9mKfAkQ-kGd1n3z1-R2FnprkO7dcO1aK3OgDqqjZcQ&m=Fs7pxfl3_a3pTuEAO31uEjBAoybE5reDES26bPaxNg0&s=iFoNAASdlL31d3P-xkeEi-gVBrZMz1BrvMuky4_GPjo&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMGaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=D9mKfAkQ-kGd1n3z1-R2FnprkO7dcO1aK3OgDqqjZcQ&m=Fs7pxfl3_a3pTuEAO31uEjBAoybE5reDES26bPaxNg0&s=iFoNAASdlL31d3P-xkeEi-gVBrZMz1BrvMuky4_GPjo&e=>
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services, (continued)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Brian Cornell (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Powell, Andy (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services La Grew, Jesse S (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Kevin Ledbetter (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Sean Hagan (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services La Grew, Jesse S (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Valerie Smith (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Koppel, Lorna (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Hillhouse, Bob (Bob) (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Koppel, Lorna (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Shannon Ortiz (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Ken Connelly (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Kevin Ledbetter (Sep 03)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Davis, Ken (Sep 03)
- Re: [EXTERNAL] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Nelson, Leonard (Sep 05)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Thomas Dugas (Sep 07)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services David Allen (Sep 08)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Valerie Smith (Sep 08)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Chester, Heather (Sep 09)
- Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services David Allen (Sep 09)
- Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services Koppel, Lorna (Sep 03)