Re: Top 3 "hot topics" for CYBERSECURITY

[Cal Frye <cxf244 () CASE EDU>]

Forwarded at Mark's request:
> ---------- Forwarded message ----------
> From: Mark Herron <mfh36 () case edu <mailto:mfh36 () case edu>>
> To: The EDUCAUSE Security Community Group Listserv 
> <SECURITY () listserv educause edu <mailto:SECURITY () listserv educause edu>>
> Cc:
> Bcc:
> Date: Thu, 9 Sep 2021 10:01:34 -0400
> Subject: Re: [SECURITY] [External] Re: [SECURITY] Top 3 "hot topics" 
> for CYBERSECURITY
>
>
> Ransomware is an umbrella; an omnibus.  And I think it's absolutely #1 
> right now as it can be an existential threat to the university (what 
> if it shuts you down for a whole semester?  There's no remote work 
> either.  What will your faculty do?  Hourly employees?  Students?  Or 
> if you need to pay millions?)
>
> You can nest multiple aspects under it now, that used to be considered 
> individual concerns, like cyberinsurance, privileged access 
> management, endpoint protection, advanced email protections, 
> vulnerability management, compromise (C&C) detection, incident 
> response, backup and restore, etc..
>
> You could even take the Kill Chain (starting with delivery) and/or the 
> ATT&CK Framework and use each step/column of it as a subheading or 
> guide, and just step through them:
> 1 - ransomware
> 1a - vulnerability management
> 1a.1 - remote access (network ingress services)
> 1b - advanced email protections
> 1c - endpoint protection (not just AV)
> 1d - credential/access management
> 1d.1 - MFA
> 1d.2 - PAM
> 1e - log management, baselining/IoCs and alerting
> 1f - C&C detection (Suricata, Zeek/Netflow and/or network egress services)
> 1g - Incident response
> 1h - backup and restore
> 1g - cyberinsurance
> ...
> Those sort-of follow the Kill Chain:  Delivery — Exploitation — 
> Installation — Command & Control (C2) — Actions on Objectives path 
> (then Detection, Alerting & Response, which come after the Kill Chain)
>
> You can add more specifics with the ATT&CK Framework to itemize 
> controls or protections:  Initial Access — Execution — Persistence — 
> Privilege Escalation — Defense Evasion — Credential Access — Discovery 
> — Lateral Movement — Collection — Exfiltration — Impact
>
> Which clearly lays out the omnibus aspect of it and why it's such a 
> big deal - it pulls all those things together!  Ugh.  So there is my 
> number 1 (12+), then,
>
> 2 - Staffing (another existential threat to the InfoSec/IT teams)
> 3 - NIST 800-171 and CMMC
>
> (and see others' responses - all good so far!)
>
> -Mark
>
> P.S. Here's a nice guide to the Kill Chain and ATT&CK:
> https://medium.com/cycraft/cycraft-classroom-mitre-att-ck-vs-cyber-kill-chain-vs-diamond-model-1cc8fa49a20f
>
>
>
> --
> Mark F. Herron, MA, CISSP
> Chief Information Security Officer
> Associate Vice President
> Crawford Hall, Suite 455
> Case Western Reserve University
> v: 216-368-6959
>
> /~ Keep the bad actors out; verify the trusts; support the creation 
> and sharing of knowledge and information as intended; and keep the 
> university safe by protecting all our systems, data, and users. ~/

Cal Frye, Compliance Technologist
calvin.frye () case edu, o.216-368-3769 m.216-299-9270; he/him/his
[U]Tech Research Computing and CyberInfrastructure, Information Security
Case Western Reserve University
<https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community