Educause Security Discussion mailing list archives

Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services


From: Ken Connelly <ken.connelly () UNI EDU>
Date: Fri, 3 Sep 2021 10:09:53 -0500

THIS!!

Plus my general paranoia about giving the feds permission to do this.
Not that they can't/couldn't/wouldn't do it anyway, but if I say "ok",
then I said "ok" and they have permission.

-ken

On 9/3/21 9:03 AM, Koppel, Lorna wrote:

Hi Everyone,

 

I too am interested in trying their services.  I ran into concerns
from legal and others about the perception of having a government
agency looking at our network especially with people being nervous
about immigration.  Anyone else dealt with that?

 

Thanks,

Lorna

 

/Lorna L. Koppel/

Director of Information Security

Office of Information Security (OIS)
Tufts University
169 Holland Street
Somerville, MA 02144
Phone: 617.627.0885

*From:* The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Valerie Smith
*Sent:* Friday, September 3, 2021 10:02 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Cybersecurity and Infrastructure Security
Agency(CISA) Cyber Hygiene scan services

 

Hi Vince,

 

We've used it for almost a year now and we really like it. It's
essentially just Nessus but they send a weekly pdf report with good
info, charts, and graphs (the original Nessus data is embedded as an
attachment in the appendix too). I've used their graphs in reports to
management. And being able to say "DHS says this is a critical
vulnerability" has helped get people to act a little quicker with
remediations than they may have otherwise. ;) 

 

Also they send an annual report of aggregated, anonymized vuln data
from across higher ed so that you can see how your institution
compares against the average.

 

Let me know if you have other questions or there's anything else I can
help with regarding this topic.

 

Thanks,

Val  


Valerie Smith, CISSP (she/her)

Sr. Information Security Analyst

SUNY Geneseo

vsmith () geneseo edu <mailto:vsmith () geneseo edu> 

 

 

On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu
<mailto:vbonura () fordham edu>> wrote:

    Good morning, All!

     

    I am writing to inquire whether anyone is taking advantage of the
    Cybersecurity and Infrastructure Security Agency(CISA) Cyber
    Hygiene scan services?

     

    We became aware of it recently and are considering signing up.
    Since it’s a free service, and another way to test the
    vulnerabilities of your publicly accessible networks, it seems
    like a no-brainer.

     

    But we are curious who is/has used it and what you thought of
    their findings.

     

    Thanks in advance!

     

    Vince Bonura

    IT Risk Analyst

     

    Fordham University

    (718) 817-1875

    **********
    Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent
    the message, copy and paste their email address and forward the
    email reply. Additional participation and subscription information
    can be found at https://www.educause.edu/community



-- 
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!


