Cybersecurity Quarterly (Fall 2020)


Cybersecurity Quarterly

Fall 2020

A Publication from

Clearly Defining the Fundamentals of Cybersecurity
Our Newest Tool to Implement the CIS Controls in Your Organization
The MS- and EI-ISAC's Latest No-Cost Security Solution for SLTT Governments
Making Compliance a Continuous Part of Your Security Operations

Fortifying Your Digital Defenses Knowing where to start to safeguard your organization can be intimidating. Our new endeavor can help you develop the best defense strategy for your organization.


Improve Your Security Posture with Training from SANS Institute
The Most Trusted Source for Information Security Training, Certification, and Research

SANS Institute partners with the Center for Internet Security to provide its top-rated information security training and awareness programs to State, Local, Tribal, and Territorial Government organizations at significantly reduced costs.

Program participants may purchase:
- More than 40 hands-on courses, available OnDemand or live, online in the evenings via vLive.
- Training and testing for staff of all levels on email, file storage, digital access, and general data security.

Leverage this special partnership to ensure that your employees have the skills and experience necessary to protect your critical organization from cyber threats.

Special discounts are available during our winter purchase window: December 1, 2020 - January 31, 2021.

Contact partnership@sans.org, or visit www.sans.org/partnership/cis for more information.


Contents

Fall 2020, Volume 4, Issue 3 (Founded MMXVII)
Editor-in-Chief: Michael Mineconzo
Supervising Editor: Laura MacGregor
Copy Editors: Danielle Koonce, Autum Pylant
Staff Contributors: Sean Atkinson, Gina Chapman, Curtis Dukes, Paul Hoffman, Eugene Kipniss, Ed Mattison, Aaron Piper, Tony Sager

Featured Articles
- Cleaning Up a Definition of Basic Cyber Hygiene: Creating a clear and concise guide to the fundamentals of cybersecurity (p. 8)
- Malicious Domain Blocking and Reporting (MDBR): The Newest Service for U.S. SLTTs: A look at the new, effective, no-cost cybersecurity solution available to U.S. SLTTs (p. 10)
- Introducing the Community Defense Model: Our new guide to implementing an effective cyber defense program (p. 14)
- How to Achieve Continuous Compliance via the CIS Benchmarks: The importance of making compliance a 24/7/365 security concern (p. 16)
- Introducing CIS CSAT Pro: Our latest tool to make implementing the CIS Controls easier than ever (p. 20)

Quarterly Regulars
- Quarterly Update with John Gilligan (p. 4)
- News Bits & Bytes (p. 6)
- Cyberside Chat (p. 22)
- ISAC Update (p. 23)
- Event Calendar (p. 24)

Cybersecurity Quarterly is published and distributed in March, June, September, and December. Published by Center for Internet Security, 31 Tech Valley Drive, East Greenbush, New York 12061. For questions or information concerning this publication, contact CIS at info@cisecurity.org or call 518.266.3460. Copyright © 2020 Center for Internet Security. All rights reserved.


Quarterly Update

with John Gilligan

“This quarter’s theme is cyber defense—not a new topic, but one where there have been a number of very important recent advances.”

Welcome to the Fall Issue of Cybersecurity Quarterly. Labor Day has passed, and the summer heat is beginning to moderate. Soon, the leaves will be falling. While the seasonal cycles are familiar, COVID-19 has made this past summer one to remember as we struggle to regain some semblance of normalcy in our professional and personal lives.

This quarter’s theme is cyber defense—not a new topic, but one where there have been a number of very important recent advances. These advances support the promise of a future where organizations can quantitatively and rapidly assess their cybersecurity posture against common threats, where organizations that lack technical resources can leverage broadly available protection capabilities, and a world where notifications of emerging cyber threats are distributed in near real-time.

In this issue, CIS's Curt Dukes describes the recently published CIS Community Defense Model (CDM). The analysis behind the CDM documents the effectiveness of the CIS Controls Version 7.1 against the hundreds of cyber threats described in the MITRE ATT&CK Model. Perhaps more importantly, this initial version also maps the Controls to the attack patterns documented in the 2019 Verizon Data Breach Investigations Report (DBIR). A companion article by Tony Sager highlights the findings of this analysis, which confirmed that the 2019 DBIR's top five attack patterns are effectively defeated or prevented through deployment of the 43 Sub-Controls that comprise Implementation Group 1 (IG1). This is an important advance in helping organizations understand the true effectiveness of implementing a small group of security controls.

Several articles in this issue describe new tools that are available to help protect organizations. One describes the release of the CIS Controls Self Assessment Tool (CSAT) Pro, that can be run by organizations on their own local environment, permitting them to assess their implementation of the CIS Controls and manage the assessment results privately. Another article describes a capability that CIS has recently released for state and local government entities. The Congressionally funded and CISA-sponsored Malicious Domain Blocking and Reporting (MDBR) was inspired by a Congressional staffer who challenged CIS to find a low-cost, easily-implemented, and highly effective cyber protection service for state and local governments. MDBR, available to any U.S. state and local government entity, blocks attempts from that organization to access known malicious sites, effectively stopping the vast majority of ransomware infections before they start. In addition, an article from CIS CyberMarket partner, Cimcor describes how their tools help ensure continuous compliance and vulnerability management for organizations employing CIS Benchmarks. Finally, CIS’s own CISO, Sean Atkinson has his usual column. In this issue, Sean addresses the Diderot Effect and how it applies to cybersecurity.

I hope you enjoy this quarter’s issue. Have a great fall!

Best Regards,
John M. Gilligan
President & Chief Executive Officer
Center for Internet Security


MDBR: Malicious Domain Blocking & Reporting

Your no-cost* proactive domain security service. Add an extra layer of cybersecurity protection at no cost that is proven, effective, and easy to deploy.

* Available to U.S. State, Local, Tribal, and Territorial (SLTT) government members of the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®)

Sign Up →

Acknowledgement This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number, (19PDMSI00002). Disclaimer The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.


News Bits & Bytes

October is Cybersecurity Awareness Month. Now in its 17th year, Cybersecurity Awareness Month was created jointly by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. The theme for 2020 is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace, with a particular emphasis on the key message for 2020: “If you connect it, protect it.” Learn more at https://staysafeonline.org/cybersecurity-awareness-month/.

Tanium is the latest vendor to be added to CIS CyberMarket®. Tanium offers a unified endpoint management and security platform that is built for the world’s most demanding IT environments. Many of the world’s largest and most sophisticated organizations, including nearly half of the Fortune 100, top retailers and financial institutions, and all six branches of the U.S. Armed Forces rely on Tanium to make confident decisions, operate efficiently and effectively, and remain resilient against disruption.

CIS Controls Ambassador, Alan Watkins, recently released a new book, Creating a Small Business Cybersecurity Program. Watkins's book provides guidance and basic steps small businesses with 25-50 employees should implement, from creating governance documents to policies and procedures. Four chapters are devoted to the CIS Controls® and Sub-Controls in Implementation Group 1 (IG1) – the definition of basic cyber hygiene – and discuss risk management through the use of the CIS Risk Assessment Method. Read the press release to learn more about Watkins's book.

The Johns Hopkins Applied Physics Laboratory (APL) and the Cybersecurity and Infrastructure Security Agency (CISA) are teaming up to help state and local governments enhance their online defenses. Under a pilot program, Arizona, Louisiana, Massachusetts, and Texas, as well as the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), are applying Security Orchestration, Automation, and Response (SOAR) to this effort. This initiative will enable SLTT governments to quickly and broadly share information – in near real-time – and leverage automation to prevent or respond to cyber-attacks. Learn more about the pilot in the press release.


The Cyber Threat Alliance (CTA), a nonprofit organization working to improve the cybersecurity of the global digital ecosystem, and the Center for Internet Security, Inc. (CIS®) have signed a working agreement to cooperate on threat intelligence, coordinate during cybersecurity emergencies, and collaborate on cybersecurity exercises. CTA and CIS will engage in analytical exchanges on specific threats, risks, trends, cyber incidents, reports, and research of mutual interest. They will coordinate and share threat intelligence when appropriate and relevant. To learn more, read the press release on the new partnership.

The MS-ISAC and the Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) have signed a memorandum of understanding (MOU) to share cyber threat information. The new agreement will strengthen the cyber and physical defenses of the energy sector, and meet one of the goals of the Cybersecurity Solarium Commission — Promote National Resilience. SLTT organizations, meanwhile, will benefit from cross-sector awareness. To learn more, read the press release on the new partnership.



Detect Ransomware in Minutes Notifications sent within 6 minutes of malicious activity*

Cost-effective solution Passive, fully managed intrusion detection system

Find out more →

www.cisecurity.org * Exclusive 24x7 Network Monitoring for State, Local, Tribal and Territorial Governments


Cleaning Up a Definition of Basic Cyber Hygiene

Focusing on the fundamental recommendations contained in Implementation Group 1 of the CIS Controls is key to building a strong cyber defense program.

By Tony Sager

In discussions about cyber defense, we often hear the term “cyber hygiene.” The general notion is that a lack of good cyber hygiene is at the heart of most cyber-attacks. The phrase plays off of commonly accepted ideas in personal hygiene or public health. That is, a number of relatively simple, well-defined personal actions (like brushing your teeth, washing your hands, getting vaccinated, “social distancing”) can provide significant value – but not a complete cure – for many health problems. Value can be received both by the individual, and also by the population as a whole. Each of these steps is simple enough to describe, but their real value is that they translate highly specialized science and knowledge (e.g., the transmission vectors of disease) into specific personal action.

The same general notion applies in cyber defense. Almost all successful attacks take advantage of conditions that could reasonably be described as “poor hygiene,” including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. This does not mean that system operators and users are lazy, or don’t care. At CIS, we attribute these failures primarily to the complexity of modern systems management, as well as a noisy and confusing environment of technology, marketplace claims, and oversight/regulation (“The Fog of More”). Defenders are just overwhelmed. Therefore, any large-scale security improvement program needs a way to bring focus and attention to the most effective and fundamental things to be done.

Most of the literature of cyber hygiene fails to define the term, or simply illustrates the idea with a few examples. This leaves cyber hygiene as a “notion” or a general exhortation to do better (“cheerleading”). To improve large-scale security, we need to prioritize and focus the attention of the entire cyber ecosystem of users, adopters, suppliers (vendors), as well as authorities (like governments, regulators, the legal system) around a specific action plan – one that is backed up by implementation guidance, measurements of success, and a marketplace of tools and services.

Our recent introduction of Implementation Groups in Version 7.1 of the CIS Controls provides a basis for this approach. Implementation Group 1 (IG1) is a specific set of Sub-Controls (also known as safeguards) chosen from the CIS Controls. IG1 is a foundational set of actions for every enterprise, especially those with limited resources or expertise. The safeguards in IG1 can be the basis for an action plan for basic cyber hygiene, with an accompanying campaign, that has all the ideal attributes:
- Covers both organizational and personal behavior
- The actions are specific and easily scalable
- The effect on preventing, detecting, or responding to attacks can be stated
- No detailed domain knowledge or execution of a complex risk management process is necessary to get started
- These safeguards can be supported with a marketplace of tools for implementation and measurement
- The actions provide an “on-ramp” to a more comprehensive security improvement program

By using IG1 as the definition of basic cyber hygiene, we make security improvement accessible to all enterprises in a way that is backed by the same analysis that underpins the Controls, and the same marketplace of tools, services, and training. And when appropriate, this approach is a natural on-ramp to IG2 and IG3 of the CIS Controls.

Tony Sager is a Senior Vice President and Chief Evangelist for CIS. He leads the development of the CIS Controls, as well as champions the use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS’s independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. Sager’s awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources. Sager holds a B.A. in Mathematics from Western Maryland College and an M.S. in Computer Science from Johns Hopkins University.


Malicious Domain Blocking and Reporting (MDBR): The Newest Service for U.S. SLTTs

An additional layer of cybersecurity protection that is proven, effective, and easy to deploy, offered through a public-private partnership between CIS, CISA, and Akamai

By Ed Mattison & Gina Chapman

Malicious Domain Blocking and Reporting (MDBR) is the latest service that the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) are adding to their defense in depth portfolios of cyber defenses. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain. In just the first five weeks of service, the MS- and EI-ISAC's MDBR service blocked 10 million malicious requests from more than 300 entities.

Malicious Domain Blocking & Reporting (MDBR) by the numbers (infographic):
- 346 U.S. State, Local, Tribal, and Territorial (SLTT) entities
- 5 weeks: 10 million malicious requests blocked

Breakdown of blocked malicious activity:
- 79% Blocked malware
- 15% Command and control domains
- 5% Blocked phishing attempts
- <1% DNS exfiltration and all other blocked activity



MDBR Service from CIS, CISA, and Akamai For this endeavor, CIS is partnering through the MS-ISAC and EI-ISAC with the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Akamai to make this service available at no cost to members of the MS-ISAC and EI-ISAC. The MS-ISAC is grantfunded by DHS, and is designated as the focal point for cyber threat prevention, protection, response, and recovery for the nation’s SLTT government entities. The MDBR service uses Akamai’s Enterprise Threat Protector (ETP) carrier-grade recursive Domain Name System (DNS) service, which is built on the global Akamai Intelligent Edge Platform. The Akamai Intelligent Edge Platform delivers up to 2.2 trillion DNS queries daily.

About MDBR MDBR is a fully managed proactive domain security service, with the MS-ISAC, the EI-ISAC, and Akamai fully maintaining the systems required to provide the service. Once an organization points its DNS requests to Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains.

Attempts to access known malicious domains associated with malware, phishing, ransomware, and other cyber threats will be blocked and logged. The logged data is then provided by Akamai to the ISAC Security Operations Center (SOC). The SOC uses this data to perform detailed analysis and aggregate reporting for the benefit of the SLTT community, as well as organization-specific reporting and intelligence services. If circumstances require, remediation assistance is provided for each SLTT organization that implements the service.
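The flow the two paragraphs above describe (point lookups at a filtering resolver, compare each name against a blocklist, block and log hits, then aggregate the log into per-category reporting) is easy to see in a small simulation. The following is an added example written for this article, not code from CIS, the ISACs, or Akamai: the blocklist, its category names, the query stream, and the `filter_query`/`breakdown` helpers are all constructed for illustration. It also goes slightly beyond the text by matching parent domains, so a listed domain covers its subdomains without every one being enumerated.

```python
"""Toy protective-DNS filter: normalize each lookup, match it (or any parent
domain) against a categorized blocklist, log blocks, and report a breakdown.
Added example; blocklist entries and query log below are constructed."""

from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed blocklist: domain -> threat category. A managed service would
# source this from provider threat intelligence; these names are invented.
BLOCKLIST: Dict[str, str] = {
    "malware-dl.example": "malware",
    "c2-beacon.example": "command-and-control",
    "login-verify.example": "phishing",
    "exfil.example": "dns-exfiltration",
}


@dataclass
class Decision:
    qname: str                 # normalized query name
    action: str                # "resolve" or "block"
    category: Optional[str]    # threat category when blocked
    matched: Optional[str]     # blocklist entry that matched (may be a parent)


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'Evil.EXAMPLE.' == 'evil.example'."""
    return qname.strip().rstrip(".").lower()


def lookup_blocklist(qname: str, blocklist: Dict[str, str] = BLOCKLIST
                     ) -> Tuple[Optional[str], Optional[str]]:
    """Return (entry, category) if qname or any parent domain is listed.

    Walking up the labels means a listed 'c2-beacon.example' also covers
    'cdn.c2-beacon.example' without enumerating every subdomain."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate, blocklist[candidate]
    return None, None


def filter_query(qname: str, log: List[Decision],
                 blocklist: Dict[str, str] = BLOCKLIST) -> Decision:
    """Resolve or block one lookup; blocked lookups are appended to the log."""
    entry, category = lookup_blocklist(qname, blocklist)
    if entry is None:
        return Decision(normalize(qname), "resolve", None, None)
    decision = Decision(normalize(qname), "block", category, entry)
    log.append(decision)  # the blocked-and-logged record a SOC later analyzes
    return decision


def breakdown(log: List[Decision]) -> Dict[str, Tuple[int, float]]:
    """Aggregate a block log into {category: (count, percent)}."""
    counts = Counter(d.category for d in log)
    total = sum(counts.values())
    return {cat: (n, round(100.0 * n / total, 1)) for cat, n in counts.items()}


# Constructed query stream standing in for one organization's DNS traffic.
SAMPLE_QUERIES = [
    "www.cisecurity.org.",      # benign
    "MALWARE-DL.example",       # listed, mixed case
    "cdn.c2-beacon.example",    # subdomain of a listed C2 domain
    "mail.agency.example",      # benign (constructed)
    "login-verify.example.",    # listed, trailing dot
    "malware-dl.example",       # listed again
]


def run(queries: List[str] = SAMPLE_QUERIES):
    """Filter every query and return (decisions, per-category breakdown)."""
    log: List[Decision] = []
    decisions = [filter_query(q, log) for q in queries]
    return decisions, breakdown(log)


if __name__ == "__main__":
    decisions, report = run()
    for d in decisions:
        print(f"{d.qname:26} {d.action:8} {d.category or ''}")
    print(report)
```

The normalization step matters in practice: without it, a trailing dot or a change of case would slip past an exact-match blocklist, which is why resolvers canonicalize names before any policy check.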

Advantages of MDBR

The advantage of the MDBR program is the managed services provided to ISAC members. Adding MDBR capabilities to the MS-ISAC and EI-ISAC defense in depth approach to security provides another data stream for threat intelligence and information sharing for the SLTT and elections communities.


The majority of the threat data in Akamai’s Cloud Security Intelligence comes from data collected on the Akamai platform itself. This gives Akamai an unprecedented view of the threat landscape. All of this data is analyzed using proprietary algorithms that can quickly identify malicious domains contained in this large volume of data. Additionally, the Akamai threat research team further analyzes the data sets, as there are certain types of threats that an automated machine learning process will not easily detect. Future planned updates to the MDBR service will integrate unique, SLTT-specific threat data provided by the ISAC SOC.

For many commercial offerings, customers typically have the ability to log into a portal to generate reports and administer the service. With MDBR, virtually no maintenance is required on the part of users, as the MS-ISAC, EI-ISAC, and Akamai completely administer the required systems. Although the MS- and EI-ISAC membership will receive regular reports, they do not have the ability to directly log into the Akamai portal or download logs from Akamai. This, as well as other additional Akamai ETP features, are available separately from the MDBR service offering to MS- and EI-ISAC members at negotiated reduced-fee options from Akamai through the CIS CyberMarket.

Enhancing Defenses with Albert MDBR is just the latest of the offerings that can help defend MS-ISAC and EI-ISAC members. Albert Network Monitoring, an intrusion detection system (IDS), is another option. While the two different services can be run entirely independent of each other, when used in conjunction, the combined services are extremely effective in detecting and preventing ransomware and enable actions to prevent other types of malicious attacks from being successful.

U.S. SLTTs: Sign up Today If you are an SLTT government entity, and also a member of either the MS-ISAC or EI-ISAC, you can sign up at https://mdbr.cisecurity.org/.


For more information on how to join the MS-ISAC or EI-ISAC, visit https://www.cisecurity.org/isac/.

Acknowledgment: This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number, (19PDMSI00002). Disclaimer: The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.

Ed Mattison was appointed Executive Vice President of CIS Operations & Security Services in April 2020. Mattison is responsible for providing executive leadership to advance the missions of the MS-ISAC and EI-ISAC. He is also charged with providing global security services and support to government and private sector organizations.

As Senior Vice President and Deputy of Sales and Business Services, Gina Chapman helps drive business strategy across the sales, business development, communications, and marketing functions at CIS. She also serves as Deputy to the Executive Vice President.



Advanced Threats. Maximum Protection.

Ensure users and devices can safely connect from anywhere, with industry-leading protection.

Proactively identify, block, and mitigate targeted threats, including zero-day attacks, malware, and phishing.

See Why


Cybersecurity Quarterly

Introducing the Community Defense Model
Sometimes, the biggest hurdle to implementing security policy is knowing where to start. Our new resource helps organizations figure out which measures to focus on.
By Curtis Dukes

The CIS Controls are a set of more than 170 cybersecurity defensive measures, called safeguards, organized into a set of 20 Control activities. A community of security experts cooperates to keep this list of safeguards up-to-date, based on vendor summaries of recent attack activity described in reports like the Verizon Data Breach Investigations Report (DBIR) and on their own experience defending actual networks. Enterprises can select safeguards from the CIS Controls to create a robust cyber defense mission for their organization.

The challenge is that most organizations do not need to implement every safeguard. Many enterprises ask for assistance prioritizing the safeguards. What should they do first as a foundation? Our CIS Controls community responded by placing the safeguards into three implementation groups (IGs). We call the first implementation group, IG1, basic cyber hygiene. These are the safeguards that show up on any to-do list for cybersecurity and should be implemented by most organizations.

CIS wants to do more to help enterprises select the appropriate safeguards. The cost of cyber defense can increase dramatically as safeguards are chosen from IG2 and IG3. To help organizations decide, CIS created the Community Defense Model (CDM) to address two important questions.

The first question is: how robust of a defense can be achieved by IG1, basic cyber hygiene, safeguards? In other words, how effective are the IG1 safeguards? A second question we intend to answer is how to select additional safeguards from IG2 and IG3. The goal is to determine the role that a safeguard plays for defense for each attack stage. This information will help an organization weigh effectiveness, reducing possible harm from threats, against the cost of implementing the safeguards.

CIS Community Defense Model

The Community Defense Model relies on the MITRE ATT&CK Framework. The CIS Controls and the MITRE ATT&CK Framework complement each other perfectly for this effort. The MITRE ATT&CK Framework is platform- and product-independent and expresses all of the possible attack techniques employed at every phase of an attack. The CIS Controls are also platform- and vendor-neutral and can express most of the defensive options available to mitigate each phase of an attack.

The CDM model has three steps:
1. Identify the most prevalent and damaging attack patterns from current industry investigative reports on incidents and breaches
2. Normalize the attack patterns by expressing them in the MITRE ATT&CK model as the set of techniques deployed to accomplish each tactic for each phase of an attack (some industry reports already do this for some attacks and CIS will use those when available)
3. Identify the safeguards that mitigate each phase of the attack

Many attack techniques have more than one mitigation. The three CIS Controls IGs correspond to three different levels of investment in security controls, corresponding to the expected sophistication of the attacker, the importance of what is being protected, and the extent of anticipated harm. An enterprise can weigh the cost of a safeguard in the context of all of the mitigation effects in place to address an attack technique. MITRE provides some high-level mitigations to the attack techniques for each attack phase in its model. The list of MITRE mitigations allowed us to readily map our more implementable and granular safeguards to defensive measures against the attack techniques.

CIS determined that the safeguards in IG1 provide defense against approximately 62% of the Techniques identified in the ATT&CK Framework, with a focus on the Initial Access, Execution, Persistence, Privilege Escalation, and Defense Evasion stages (or Tactics) of the top attack patterns. If these top attack patterns’ stages are successfully defended against, organizations can mitigate subsequent impacts of an attack. Most importantly, though, CIS determined that the safeguards in IG1 defend against the five most significant attack patterns from the 2019 Verizon DBIR. Any organization can start by implementing

IG1 to create a solid foundation for cyber defense. Future reports will apply the CDM to more current attack patterns. An assessment will be made on the effectiveness of IG1 to defend against each attack pattern, and options for additional safeguards from IG2 and IG3 will be identified that will help protect enterprises against more capable attackers and to defend more valuable assets. Organizations can factor in the information about the contribution each safeguard makes for countering threats when they perform a risk assessment that balances the cost of a defense measure against the harm that could result from an attack. Download the CIS Community Defense Model.

Curtis Dukes joined CIS as the Executive Vice President and General Manager of the Best Practices and Automation Group in 2017. Prior to CIS, Dukes served as the Deputy National Manager (DNM) for National Security Systems (NSS). On behalf of the Director of NSA, the DNM is charged with securing systems that handle classified information or are otherwise critical to military and intelligence activities. He served in a variety of organizations within NSA and earned the Distinguished Executive, Meritorious Executive, as well as Exceptional Performance and Meritorious Civilian Service Awards. Dukes earned a Bachelor’s Degree in Computer Science from the University of Florida, and a Master’s Degree in Computer Science from Johns Hopkins University. He is a 2004 graduate of the Intelligence Community Officer Training Program.
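As an added illustration of the CDM mapping this article describes (example code written for this page, not CIS's own tooling or data), the following Python computes how much of a set of ATT&CK techniques a chosen Implementation Group defends, per tactic and overall, and which safeguards from higher IGs would newly cover the most undefended techniques. The tactic names and technique IDs are real ATT&CK entries; the safeguard names, their IG assignments and the safeguard-to-technique table are constructed sample data, not the CIS Controls mapping.

```python
"""Worked example of the Community Defense Model (CDM) mapping described above.

Added illustration, not code from CIS or from the article. The tactic names
and technique IDs are real MITRE ATT&CK entries, but the safeguard names, their
IG assignments and the safeguard-to-technique table are CONSTRUCTED sample data,
not the CIS Controls mapping; real CDM data would replace the two tables below.
"""
from collections import defaultdict

# CDM step 2: attack patterns normalised into ATT&CK techniques, keyed by the
# tactic (attack phase) they accomplish. Constructed subset for the example.
TECHNIQUES_BY_TACTIC = {
    "Initial Access": ["T1566", "T1190", "T1078"],
    "Execution": ["T1059", "T1204"],
    "Persistence": ["T1053", "T1078"],
    "Privilege Escalation": ["T1068", "T1078"],
    "Defense Evasion": ["T1027", "T1070"],
}
TECHNIQUE_NAMES = {
    "T1566": "Phishing", "T1190": "Exploit Public-Facing Application",
    "T1078": "Valid Accounts", "T1059": "Command and Scripting Interpreter",
    "T1204": "User Execution", "T1053": "Scheduled Task/Job",
    "T1068": "Exploitation for Privilege Escalation",
    "T1027": "Obfuscated Files or Information", "T1070": "Indicator Removal",
}

# CDM step 3: which safeguards mitigate which techniques, and which
# Implementation Group each safeguard belongs to. Constructed sample data.
SAFEGUARDS = [
    {"name": "Email and browser protections", "ig": "IG1", "mitigates": {"T1566", "T1204"}},
    {"name": "Patch management", "ig": "IG1", "mitigates": {"T1190", "T1068"}},
    {"name": "Account management", "ig": "IG1", "mitigates": {"T1078"}},
    {"name": "Malware defenses", "ig": "IG1", "mitigates": {"T1059", "T1204"}},
    {"name": "Audit log management", "ig": "IG1", "mitigates": {"T1070"}},
    {"name": "Application allowlisting", "ig": "IG2", "mitigates": {"T1059", "T1053", "T1027"}},
    {"name": "Penetration testing", "ig": "IG3", "mitigates": {"T1190"}},
]


def all_techniques(techniques_by_tactic):
    """Unique techniques across all tactics (T1078 appears under three)."""
    return {t for techs in techniques_by_tactic.values() for t in techs}


def mitigations(safeguards, igs):
    """Map each technique to the safeguards from the selected IGs that mitigate
    it. A list is kept per technique because, as the article notes, many
    techniques have more than one mitigation."""
    by_tech = defaultdict(list)
    for sg in safeguards:
        if sg["ig"] in igs:
            for tech in sg["mitigates"]:
                by_tech[tech].append(sg["name"])
    return dict(by_tech)


def coverage(techniques_by_tactic, safeguards, igs):
    """First CDM question: what share of the techniques behind the top attack
    patterns does a chosen set of IGs defend against, overall and per tactic?"""
    covered = set(mitigations(safeguards, igs))
    universe = all_techniques(techniques_by_tactic)
    per_tactic = {
        tactic: (sum(t in covered for t in techs), len(techs))
        for tactic, techs in techniques_by_tactic.items()
    }
    return {
        "overall": len(universe & covered) / len(universe),
        "per_tactic": per_tactic,
        "uncovered": sorted(universe - covered),
    }


def marginal_gain(techniques_by_tactic, safeguards, base_igs):
    """Second CDM question: which safeguards outside the base IGs would newly
    defend the most techniques still uncovered? Sorted by gain, largest first."""
    uncovered = set(coverage(techniques_by_tactic, safeguards, base_igs)["uncovered"])
    gains = {
        sg["name"]: sorted(sg["mitigates"] & uncovered)
        for sg in safeguards if sg["ig"] not in base_igs
    }
    return dict(sorted(gains.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    ig1 = coverage(TECHNIQUES_BY_TACTIC, SAFEGUARDS, {"IG1"})
    print(f"IG1 covers {ig1['overall']:.0%} of the sampled techniques")
    for tactic, (hit, total) in ig1["per_tactic"].items():
        print(f"  {tactic:22s} {hit}/{total}")
    for tech in ig1["uncovered"]:
        print(f"  uncovered: {tech} {TECHNIQUE_NAMES[tech]}")
    for name, newly in marginal_gain(TECHNIQUES_BY_TACTIC, SAFEGUARDS, {"IG1"}).items():
        print(f"  adding '{name}' would newly cover {newly}")
```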

How to Achieve Continuous Compliance via the CIS Benchmarks
Why making compliance an integral part of your day-to-day security operations, rather than an annual exercise, is critical and how the CIS Benchmarks can help.
By Robert Johnson

Over the last two decades, compliance has become an essential business function. Until a few years ago, many organizations were more concerned with compliance than with being secure. Thankfully, those days seem to have passed. Almost everybody now understands that security and compliance are not synonymous, and that both functions must work together to protect the organization. However, there are still some misunderstandings about compliance with frameworks such as PCI-DSS and regulatory requirements like the GDPR. In particular, many organizations consider compliance to be an annual exercise, while security is a separate and more important function.

I’d like to propose an alternative viewpoint — that maintaining continuous compliance is vital for both risk management and security.

The Need for Continuous Compliance

Entertaining the idea that compliance is something to be ‘signed off’ once per year is a huge mistake. It practically guarantees that for most of each year, your systems and assets will be non-compliant. Imagine this common scenario. Your organization undergoes its annual compliance audit and passes. Then, a month later, the finance department purchases a new software solution, which requires a new server, user permissions, etc. Every change or addition made to accommodate the new solution is a potential source of vulnerabilities and compliance issues. Worse still, if you’re only checking for compliance once per year, those issues will probably remain undetected for 11 whole months. It gets worse. Business networks are constantly changing. New assets, users, and applications are added all the time, and configuration changes in particular are made constantly. While these changes are often essential, every single one is a potential source of security vulnerabilities and compliance issues.


This is better known as compliance drift. By ensuring that your assets are always compliant with any necessary frameworks, you’ll be hardening your assets against cyber-attacks and protecting your organization against the financial hardship of non-compliance fines. Remember: even if your last compliance audit was clear, your organization can still be fined for non-compliance in the event of a breach. This is why continuous compliance checking is so important. Since configuration changes are among the most common sources of compliance issues, great care should be taken to ensure assets are configured securely at all times. The CIS Benchmarks are a valuable tool for achieving this.

What are the CIS Benchmarks?

The CIS Benchmarks are a set of secure configuration guidelines for hardening common digital assets. They have been developed by the Center for Internet Security (CIS) in collaboration with a community of subject matter experts, security professionals, and technologists from around the world to help organizations secure their endpoints from configuration vulnerabilities. Depending on your security and compliance needs, the CIS Benchmarks have two configuration profile levels:
Level 1 — Base recommendations that lower the attack surface of your organization while keeping machines usable and not hindering business functionality
Level 2 — More stringent standards designed to maximize security posture in environments where security is essential

There are CIS Benchmarks for more than 100 configuration guidelines across 25+ vendor product families, including Microsoft, IBM, and the major cloud providers. By configuring assets in line with the CIS Benchmarks — and keeping them that way — you can be sure of two things:
1. They are compliant with the configuration requirements of all major compliance frameworks
2. Easily exploitable security holes (e.g., unnecessary services, applications, and ports) have been closed

CIS Benchmarks for Compliance

To be clear, the CIS Benchmarks aren’t a regulatory requirement in themselves. However, most prominent compliance and regulatory frameworks (including NIST CSF, ISO 27000, and PCI DSS) consider the CIS Benchmarks to be the industry standard and have configuration requirements that recommend the use of CIS Benchmarks. Even for frameworks that don’t directly reference the CIS Benchmarks, they are still globally accepted as the best practice for secure configuration, and used to help achieve compliance with the GDPR, HIPAA, FISMA, and many others. If your organization has any compliance obligations — and let’s face it, most do — configuring your assets in line with the CIS Benchmarks is a huge step toward achieving them.

Implementing the Benchmarks

Implementing the CIS Benchmarks really comes down to two things. First, you have to bring all of your existing assets into line with the relevant CIS Benchmarks. Second, you have to make sure they stay that way.

Of course, many organizations have a huge number of assets to configure, each with thousands of unique configuration options. Even completing an initial exercise to bring them in line with the CIS Benchmarks could easily take years if done manually. Since configuration changes are made all the time, it would realistically be impossible to ensure continuous compliance with the CIS Benchmarks without technological assistance. For these reasons, most organizations use automated tools to help them implement and maintain the CIS Benchmarks. In general, the tool of choice is a system integrity management solution that scans an organization’s environment and compares it against the latest version of the CIS Benchmarks. This tells the organization immediately whether its assets are configured in line with the CIS Benchmarks, and if they aren’t, exactly how to bring them in line. Once again, continuous coverage is key. Regularly identifying and correcting issues is the best way to prevent dangerous misconfigurations from creeping in. This can be accomplished by implementing a real-time integrity management solution that also provides continuous compliance.
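As an added illustration of the scan-compare-drift loop this section describes (example code written for this page, not code from the article, from CIS, or from any integrity management product), the following Python scans an asset's reported settings against a benchmark profile, lists what must be fixed, and flags the drift between the audit-day scan and a scan a month later. The rule identifiers, settings and both host configurations are constructed sample data written in a CIS-Benchmark-like style, not actual CIS Benchmark recommendations.

```python
"""Continuous compliance check of the kind this section describes: scan each
asset's configuration against the benchmark, report what is out of line, and
flag drift between two scans so that changes made after the annual audit are
caught right away.

Added illustration, not code from the article, from CIS or from any integrity
management product. The rule set is written in a CIS-Benchmark-like style but
its identifiers, settings and both host configurations are CONSTRUCTED sample
data, not actual CIS Benchmark recommendations.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str      # constructed identifier
    setting: str      # configuration key as reported by the asset
    expected: str     # value the profile requires
    level: int        # 1 = base profile, 2 = more stringent profile (see above)
    description: str


BENCHMARK = [
    Rule("SSH-01", "sshd.PermitRootLogin", "no", 1, "Disable direct root login over SSH"),
    Rule("SSH-02", "sshd.PasswordAuthentication", "no", 2, "Require key-based SSH authentication"),
    Rule("SVC-01", "service.telnet", "disabled", 1, "Telnet is an unnecessary clear-text service"),
    Rule("LOG-01", "auditd.enabled", "yes", 1, "Keep audit logging enabled"),
]


def scan(config, benchmark, level=1):
    """Compare one asset's settings with every rule at or below `level`.
    Returns {rule_id: (status, observed)}; status is PASS, FAIL or MISSING
    (MISSING means the setting was not reported at all, which is itself
    a finding rather than a pass)."""
    results = {}
    for rule in benchmark:
        if rule.level > level:
            continue
        observed = config.get(rule.setting)
        if observed is None:
            status = "MISSING"
        elif observed == rule.expected:
            status = "PASS"
        else:
            status = "FAIL"
        results[rule.rule_id] = (status, observed)
    return results


def compliance_ratio(results):
    """Share of scanned rules that pass, 0.0 to 1.0."""
    return sum(s == "PASS" for s, _ in results.values()) / len(results)


def drift(previous, current):
    """Rules whose status changed between two scans: {rule_id: (old, new)}.
    A rule scanned now but not before is reported as coming from UNSCANNED."""
    changes = {}
    for rule_id, (new_status, _) in current.items():
        old_status = previous.get(rule_id, ("UNSCANNED", None))[0]
        if old_status != new_status:
            changes[rule_id] = (old_status, new_status)
    return changes


def remediation_list(results, benchmark):
    """What to fix, in the form the article asks for: rule, description,
    observed value, required value."""
    by_id = {r.rule_id: r for r in benchmark}
    return [
        (rid, by_id[rid].description, observed, by_id[rid].expected)
        for rid, (status, observed) in results.items() if status != "PASS"
    ]


# Constructed sample: the server as it passed the audit, and the same server
# a month later, after changes made to accommodate a new application.
AUDIT_DAY = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "yes",
    "service.telnet": "disabled",
    "auditd.enabled": "yes",
}
ONE_MONTH_LATER = {
    "sshd.PermitRootLogin": "yes",      # re-enabled for "convenience"
    "sshd.PasswordAuthentication": "yes",
    "service.telnet": "disabled",
    # auditd.enabled is no longer reported: logging was switched off
}

if __name__ == "__main__":
    before = scan(AUDIT_DAY, BENCHMARK, level=1)
    after = scan(ONE_MONTH_LATER, BENCHMARK, level=1)
    print(f"audit day: {compliance_ratio(before):.0%} compliant (Level 1)")
    print(f"one month later: {compliance_ratio(after):.0%} compliant (Level 1)")
    for rid, (old, new) in drift(before, after).items():
        print(f"  drift {rid}: {old} -> {new}")
    for rid, desc, observed, expected in remediation_list(after, BENCHMARK):
        print(f"  fix {rid} ({desc}): observed {observed!r}, required {expected!r}")
```

Running the scan at Level 2 against the audit-day configuration also shows how a stricter profile turns a passing host into a failing one without any change on the host itself.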

An Essential Basis for Security and Compliance

In the cybersecurity industry, more attention is given to technology solutions, like firewalls and EDRs, that help organizations identify and block cyber-attacks. Meanwhile, techniques and solutions designed to ‘harden’ existing systems, and thereby close the vulnerabilities that make attacks possible, are considered too labor intensive. Understandably, organizations prefer the idea of repelling cyber-attacks rather than spending time improving their technological foundations. In reality, while firewalls and EDRs are extremely important, they can’t ‘make up’ for serious underlying issues in areas like configuration. This is why all the major compliance frameworks place such a high importance on secure configuration, and why most of them recommend implementation of the CIS Benchmarks as the accepted best practice. Maintaining asset configuration in line with the CIS Benchmarks is one of the most effective ways to reduce cyber risk and ensure continuous compliance with any of the major frameworks. Visit Cimcor to learn how they have incorporated CIS Benchmarks into their CimTrak Integrity Suite to improve security and compliance.

Robert E. Johnson, III, is the President/CEO and co-founder of Cimcor, Inc. Founded in 1997, Cimcor develops cutting-edge IT security software that takes real-time file change detection to the next level by offering instant remediation of changes. This unique software helps companies meet compliance and regulatory requirements, continuously maintain compliance, stop zero-day attacks, protect valuable information, and help ensure 100% system up-time. Mr. Johnson has led the development of multiple commercial software packages and several patented and patent-pending technologies. He also serves on numerous boards, including: The Methodists Hospitals as Chairman of the Board, multiple national and international university boards, and the publicly traded NWI BankCorp/Peoples Bank, where he is currently chair of the risk management committee.


Introducing CIS CSAT Pro

An introduction to CIS's latest tool to help organizations effectively implement the security recommendations contained in the CIS Controls.
By Aaron Piper

Thousands of organizations have already made the move from traditional spreadsheet tracking of CIS Controls implementation to take advantage of the CIS Controls Self Assessment Tool (CIS CSAT). Now, CIS has introduced CIS CSAT Pro, which offers new features and benefits that build upon that foundation.

A hosted version of CIS CSAT has been available since January 2019, with the most recent v1.3.0 update occurring in June 2020. This version is and will remain free for non-commercial use by any organization.

CIS CSAT makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document progress. CIS CSAT is a companion tool that helps IT security teams track their implementation of every CIS Control and Sub-Control, or safeguard. Organizations can collaborate across teams with a built-in workflow to answer a set of questions based on the selected Implementation Group.

The answers to the questions generate an overall score that shows how well an organization has implemented the CIS Controls. Progress is tracked over time and compared to industry average scores.

Key CIS CSAT Pro Features

While still offering the same assessment workflow that users have come to rely on in the free version, CIS CSAT Pro, an on-premises version released in August 2020, offers some new benefits and features:
• Choose whether to share assessment data with CIS. By default, CIS CSAT Pro will not share an organization’s assessment data. Users can opt in to share data anonymously in order to compare their scores to industry or other peer group averages.
• Create multiple organization trees. This feature provides greater flexibility in how to track organizations, sub-organizations, and assessments.
• Create multiple concurrent assessments in the same organization or sub-organization.
• Assign users to different roles for different organizations/sub-organizations. For instance, a user can be an Organization Admin for some organizations, while being assigned limited access to other organizations, and be given no role in still other organizations.
• Separate roles within an organization. A user can be given access to work on all parts of an organization’s assessments without being given an administrative role in that same organization.
• Enjoy a simplified scoring process. Rather than requiring four scores per Sub-Control, CSAT Pro uses a simplified scoring method. It streamlines the process by only requiring one score per Sub-Control.

Organizations that already started assessments in the free version of CIS CSAT can easily export those assessments and import them into CIS CSAT Pro. Implementation scores carry over. Overall, CIS CSAT Pro gives users greater control over their data, while providing greater flexibility in how they manage users, organizations, and assessments within the tool. It can help organizations improve their cyber defense program, regardless of their size or resources. This powerful tool identifies well-implemented safeguards from the CIS Controls and highlights areas for improvement. This understanding is extremely useful to help organizations decide where to devote their limited cybersecurity resources.

Access CIS CSAT Pro

CIS CSAT Pro is available through CIS SecureSuite Membership. Members also have access to CIS-CAT Pro, a configuration assessment tool for the CIS Benchmarks, as well as other resources. The addition of CIS CSAT Pro now allows Members to effectively assess their implementation of both CIS Benchmarks and CIS Controls. CIS CSAT Pro is available to CIS SecureSuite Members through CIS WorkBench.

Aaron Piper is a Senior Cybersecurity Engineer for the Best Practices and Automation Group at CIS. He focuses on automation, tooling, and measurement efforts for the CIS Controls, and is the Product Owner for the CIS Controls Self Assessment Tool (CIS CSAT). Prior to working at CIS, Piper worked in cybersecurity for the federal government for more than a decade.

Cyberside Chat
This Quarter's Topic: The Diderot Reflection
By Sean Atkinson, Chief Information Security Officer, CIS

Recently, I was introduced to the Diderot Effect. The Diderot Effect is centered on the underlying effect of consuming a premium resource and when you compare this to your other resources, they pale in comparison. The motivation becomes the need to improve or purchase superior products and services to match your “new” more expensive standards. This creates a negative effect of ‘you can never consume enough’ to fulfill this new underlying need of reactive purchases to match your new elevated ideals.

I began to think about how the concept may apply to cybersecurity. I started down the path of motivation for the management of security controls, the integration of frameworks, and the concept of continuous improvement. I wanted to use a similar process to describe the need for cybersecurity professionals to improve and manage controls within their enterprise. The idea is that once you start with a measurable control that contributes to the mitigation of risk, this becomes a motivating factor to enhance and define additional controls that reduce risk even further. The reflection of the underlying need to improve security controls is inherent within any organization. The emphasis within cybersecurity is the necessity to improve, and we always have room to complement current control programs.

This reflection article is not about the consumption of more services or products to improve these processes, but to more effectively utilize your current control framework to motivate continuous improvements. The management and alignment of this new requirement of providing reportable mitigation metrics and validation of your control framework should be the motivating factor. The factor is focused on managing the gaps in terms of visibility, transparency, or the daunting unknown of missing controls in your enterprise. Therefore, your Diderot reflection is more about increasing your visibility and governance of controls and pushing forward with managed and reportable controls. To enable your Diderot motivation, the CIS Controls provide guidance on actionable controls that will fuel the desire for greater control and measurement of both a working governance of cybersecurity risk mitigation and quality metrics to report across the enterprise.

An important element to understand is that the perspective I provide is not one of a consumption model with the requisite acquisition of new products and services which will alleviate the governance gaps. The aim is to align your enterprise control framework to a point where you are motivated to continuously improve control implementation and risk mitigation through a structured implementation program. At some point, new products and services may be needed to expose a gap. Be cautious not to fall into the Diderot Effect where you compare your new shiny tool to your current control technology infrastructure and want to upgrade, add, and/or replace. Tools will not fulfill your needs for security; they should be used judiciously and with a perspective of being integrated for a long time in your strategic approach to security controls.


ISAC Update
The MS-ISAC and EI-ISAC Continue Solid Growth for 2020 Despite Challenging Times

As our nation starts shaking off the effects of the global pandemic, cybersecurity is becoming more “front of mind.” To wit, the 3rd quarter of 2020 has seen a steady uptick in membership growth, with 389 new SLTT entities joining our ranks. To date, we have added over 1,200 new members in 2020 and we fully expect to exceed 2,000 for the year. These numbers reflect the confidence the SLTT community places in the MS-ISAC and our value to their ongoing cybersecurity efforts. Total membership for the MS-ISAC now stands at 9,706 with our 10,000th member within reach.

The EI-ISAC continues to provide superior value to the elections community in this presidential election year. Our recent outreach program in Oklahoma netted 80 new members in the state and we are pursuing similar efforts in both Kentucky and Connecticut. Total EI-ISAC membership stands at 2,784, with our 3,000th member just around the corner. Additionally, we continue to support the rollout of and encourage member participation in new services that add to the many benefits of ISAC membership, such as the new Malicious Domain Blocking and Reporting (MDBR) service and our Endpoint Detection and Response (EDR) program. While 2020 is not the year that we would want repeated, the MS- and EI-ISACs have used this time wisely to streamline operations and improve our customer driven focus. Thank you to all of our current members for your efforts on our behalf and for touting the benefits of membership to your SLTT colleagues. We are stronger and more connected than ever before!

The Annual Nationwide Cybersecurity Review (NCSR) is Open for SLTT Participation

The NCSR is a no-cost and anonymous self-assessment designed to measure gaps and capabilities of SLTT governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and is sponsored by DHS and the MS-ISAC. The 2020 NCSR is available to complete through December 31, 2020.

The NCSR evaluates cybersecurity maturity across the nation, while providing actionable feedback and metrics directly to individual respondents. Using the results of the NCSR, DHS delivers a biyearly anonymous summary report to Congress providing a broad picture of the cybersecurity maturity across the SLTT communities. New NCSR participants can register at https://www.cisecurity.org/ms-isac/services/ncsr/. This page also includes resources such as Frequently Asked Questions, a General User Guide, a Policy Template Guide, and various reporting templates. Benefits of NCSR participation include:
• Automated metrics to identify your organization’s cybersecurity maturity gaps
• Development of a benchmark to gauge year-to-year progress
• Anonymous measurement of your results against your peers
• Attainment of resources and services that can help you mitigate gaps in your maturity
• Fulfillment of the NCSR assessment requirement for the Homeland Security Grant Program (HSGP)
• For HIPAA compliant organizations, the ability to translate your NCSR scores to the HIPAA Security Rules for an automatic self-assessment tool
The MS-ISAC had its greatest year of NCSR participation in 2019, and we hope to build on that momentum for 2020!

Upcoming Events

September

September 30
The ISAO Standards Organization will be hosting its 4th Annual International Information Sharing Conference (IISC) online. Representatives from information sharing groups, security practitioners, major technology innovators, and cybersecurity organizations will come together to address information sharing issues impacting communities locally, regionally, nationally, and abroad. MS-ISAC Program Executive Ginger Anderson will be a featured speaker at the event, discussing the use of threat intelligence to prioritize defensive choices. Learn more at https://www.isao.org/iisc2020/.

October

October 1
Cyber Security Summit: Houston will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. CIS CISO Sean Atkinson will be a featured speaker at the online event, leading a panel discussion covering security orchestration and automation. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/houston20/.

October 6 - 9
The PCI Security Standards Council (SSC) will be hosting its virtual 2020 North America Community Meeting. The meeting will bring the financial security community together to network with colleagues, ask questions, share information, and collaborate. CIS will be sponsoring the event, hosting a virtual exhibit space, and will be hosting a tech demo on Friday, October 9 to illustrate how to use CIS-CAT Pro to implement the CIS Benchmarks and Controls in order to meet PCI compliance regulations. Learn more at https://events.pcisecuritystandards.org/north-america.

October 7 - 8
The State of Michigan will virtually host the 2020 North American International Cyber Summit. This event will bring together experts from around the globe to provide timely content and address a variety of cybersecurity issues impacting the world. Attendees will hear from government and industry leaders on the latest developments and gain insights into managing today's security challenges. Learn more at https://events.esd.org/cyber-summit/

October 9
Cyber Security Summit: Seattle will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature keynotes from U.S. DOJ and CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/seattle20/.

October 15
Cyber Security Summit: Scottsdale will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature a closing keynote from CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/scottsdale20/.

October 20
Cyber Security Summit: Nashville will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature a closing keynote from CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/nashville20/.

October 26 - 28
The 10th Annual Cyber Security Summit will take place virtually. The event will bring together professionals from industry, government, and academia with different viewpoints on cybersecurity to hear from experts, learn about trends, and discuss actionable solutions. For more information on the event, visit https://www.cybersecuritysummit.org/.

October 30
Cyber Security Summit: Columbus will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature a closing keynote from CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/columbus20/.

November

November 5
Cyber Security Summit: Boston will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature keynotes from the U.S. DOJ and CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/boston20/.

November 10
Cyber Security Summit: Silicon Valley will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature keynotes from the U.S. DOJ and CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/siliconvalley20/.

November 10 - 11
The 21st Annual TribalNet Conference and Tradeshow will take place virtually, bringing together tribal government professionals, technology decision makers, and business leaders from the tribal gaming and healthcare industries to connect and discover opportunities in solutions, best practices, and technology. Learn more at https://www.tribalnetconference.com/.

November 18 - 20
The National League of Cities (NLC) will be hosting its 2020 NLC City Summit virtually. The event will connect local leaders from across the country who are learning the new normal, rebuilding their communities, and growing their skills through panel discussions, keynotes, fireside chats, and workshops. Learn more at https://citysummit.nlc.org/.

November 20
Cyber Security Summit: New York will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature keynotes from the U.S. DOJ and CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/newyork20/.

December

December 10
Cyber Security Summit: Los Angeles will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. The event will feature a closing keynote from CISA. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/losangeles20/.

December 16
Cyber Security Summit: Toronto will take place, bringing together executives, business leaders, and cybersecurity professionals virtually to learn about the latest cyber threats. CIS CISO Sean Atkinson will be a featured speaker, leading panel discussions on security orchestration and insider threats. Through our partnership, SLTT institutions can receive free admission to the event. Contact the CIS CyberMarket team for more details and learn more at https://cybersummitusa.com/summit/toronto20/.



Copyright © 2020 Center for Internet Security, All rights reserved.

Interested in being a contributor? Please contact us: info@cisalliance.org www.cisecurity.org 518.880.0699


