Cybersecurity Quarterly (Spring 2023)

20 Years of Collaboration

Spring 2023

Volume 7 Issue 1

Founded MMXVII

Editor-in-Chief

Michael Mineconzo

Supervising Editor

Laura MacGregor

Copy Editors

David Bisson

Autum Pylant

Staff Contributors

Jay Billington

Stephanie Gass

Paul Hoffman

Mia LaVada

Phyllis Lee

Greta Noble

Aaron Piper

Thomas Sager

Lex Smith

Karen Sorady

The Power of Women in IT Security Auditing

How women are transforming the traditionally male-dominated field

New Content and Tooling Updates from CIS Security Best Practices

New features, updates, and resources to help apply our security best practices Security

Quarterly Updatewith John Gilligan

As the cold weather subsides and trees and flowers begin to blossom, we are pleased to present the spring issue of Cybersecurity Quarterly

Cyber attacks against critical infrastructures and private organizations continue to dominate the news. There has also been an expansion of Russian cyber attacks beyond Ukraine, targeting countries and organizations that have provided support to the country. With the recent publication of the National Cybersecurity Strategy, the U.S. has identified areas of focus for our nation’s cyber resilience efforts. These include defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals. I note with particular interest the recognition of the need to change market forces to provide incentives for system developers to improve the quality of their products.

The theme of this issue is collaboration. The newly-released National Cybersecurity Strategy emphasizes the importance of collaboration, between government and industry as well as among organizations both domestically and internationally, as key to any effort to turn the corner on containing cyber attacks. Several of this issue's articles highlight the important work that information sharing and analysis centers (ISACs) as well other organizations are playing in improving our collective response to cyber attacks and improving the cyber resilience of organizations.

Karen Sorady, Vice President for MS-ISAC Member Engagement, has provided an article on the evolution and current state of the Multi-State ISAC, which is celebrating its 20th anniversary. From the initial meeting in 2003 led by Will Pelgrin, then an executive in New York State government, to an ISAC with over 15,000 members, the evolution has been quite spectacular. Paul Hoffman

and Greta Noble, also from MS-ISAC Member Engagement, have provided a companion article that highlights recent accomplishments of the MS-ISAC, including achieving 15,000 members.

Elizabeth Wu, a close partner of CIS, has provided a piece on female leaders in IT security auditing. March is Women’s History Month, and we appreciate Elizabeth helping to recognize our talented women security auditors. Our partner Akamai has submitted a piece that explains the capabilities of the recentlyreleased Malicious Domain Blocking and Reporting Plus (MDBR+). The federally-funded MDBR offering has been enormously beneficial to MS- and EI-ISAC members, blocking almost three billion attempts to access known malicious IP domains in 2022. MDBR+, a new paid option, provides additional features, including acceptable use policy capabilities, that were requested by a number of SLTT organizations.

Mia LaVada, Product Manager for CIS Hardened Images, has submitted a piece on CIS’s collaborative efforts with AWS to release hardened components based on the CIS Benchmarks for AWS’s EC2 Image Builder, an exciting new capability to automate the assembly of components into a resilient operational environment in the AWS cloud. This promises to significantly ease the effort and decrease the time needed to compose or revise environments in the cloud. Finally, Stephanie Gass, our Director of Governance, Risk & Compliance, has provided this quarter’s CISO column, discussing collaboration in risk and compliance policy development.

Please enjoy this quarter’s issue, and have a great spring!

Best Regards,

John M. Gilligan

President & Chief Executive Officer Center for Internet Security

“The newly-released National Cybersecurity Strategy emphasizes the importance of collaboration... as key to any effort to turn the corner on containing cyber attacks.”

Want more visibility and control of your organization’s web activity?

Get started with a secure web gateway service.

Malicious Domain Blocking and Reporting Plus (MDBR+)

Learn more

News Bits & Bytes

The Center for Internet Security (CIS) is proud to announce the creation of the Alan Paller Laureate Program in memory of Alan Paller, an innovative leader and trailblazer in the field of cybersecurity. The program will empower U.S. nonprofits, academic institutions, and individuals who are focused on improving cybersecurity by making security controls more effective, simpler, and more automated; developing and equipping highly skilled cyber experts; and improving the teaching of cyber defense. The program will award up to $250,000 annually to eligible organizations or individuals whose projects, proofs of concept, or existing programs are selected through an annual competitive application process. To learn more about the program, visit https://www.cisecurity. org/about-us/alan-paller-laureate-program .

CIS CyberMarket is offering MS- and EI-ISAC members the ability to participate in a proof of value of our new Cyber Defense Tool, powered by CyberWA. In exchange for feedback on your experience, participating members can use the tool at no cost for 30 days to assess their cybersecurity capabilities and preparedness and export action plans. In these action plans, you'll receive recommendations aligned to the CIS Controls, including no-cost and low-cost offerings from CIS and CIS CyberMarket vendor offerings to improve your cybersecurity posture. To learn more, visit https://www.cisecurity.org/ services/cis-cybermarket/cyber-defense-tool

CIS has worked with Oracle Cloud Marketplace to expand the international availability of our CIS Hardened Images. CIS Hardened Images have been available on the Oracle Cloud Marketplace for some time now, but primarily

in the U.S. This meant users operating outside of the U.S. weren't able to use them. Oracle Cloud Marketplace has now enabled CIS to provide CIS Hardened Images in the United Kingdom, Canada, and Brazil. Best of all, if you operate in these countries, you will be able to pay for a CIS Hardened Image in USD or local currency. This helps to make migrating to the cloud and securing your cloud-based systems as easy as possible. Learn more at https://www. cisecurity.org/insights/blog/expanding-theavailability-of-cis-hardened-images-on-oracle

After partnering to offer Endpoint Security Services (ESS), CIS and CrowdStrike have announced the debut of ESS Spotlight. The new service leverages the cloud-native power of the CrowdStrike Falcon Platform to bring together endpoint detection and response (EDR) with vulnerability management to provide real-time visibility into vulnerabilities and exposures. As a result, U.S. state, local, tribal, and territorial (SLTT) governments, K-12 public schools, and public hospitals can consolidate key components of their security stacks to reduce costs and increase protection by creating a single view of their vulnerability exposure. To learn more, visit https://www. cisecurity.org/services/endpoint-security-services

Join Phyllis Lee, CIS VP of Security Best Practices Content Development, and her cohosts on The CyberCast, a podcast series built for MSPs, MSSPs, and IT practitioners. Each episode covers a different CIS Control, how it maps to different frameworks, its impact, how to build a policy around it, how threat actors try to exploit it, common mistakes when implementing it, and more. Regardless of your architecture — cloud, hybrid, or on-premise — the CIS Controls will help you with your cybersecurity program. If you are an MSP, rely on one, or want to learn how the Controls apply to you, listen to the series at https://www.thecybercast. com/1647205 or on your favorite podcast app.

MS-ISAC: 20 Years as Your Trusted Cyber Defense Community

The MS-ISAC has proudly reached a key milestone: serving two decades as the trusted cybersecurity partner for the U.S. State, Local, Tribal, and Territorial government community

The last few years have been momentous for the Center for Internet Security (CIS). In 2020, we celebrated 20 years of working with organizations to create confidence in the connected world. We’re excited to celebrate another milestone: 2023 marks the 20 th anniversary of the Multi-State Information Sharing and Analysis Center (MSISAC). That’s two decades as the trusted cyber defense community for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.

The MS-ISAC: Then and Now

The MS-ISAC took shape as its own entity in 2003 with an initial purpose of sharing threat information and best practices around cybersecurity with

We’re excited to celebrate another milestone: 2023 marks the 20th anniversary of the MultiState Information Sharing and Analysis Center (MS-ISAC). That’s two decades as the trusted cyber defense community for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.

governments nationwide. Things changed in 2010 when CIS was charged with maintaining the growing community. As part of this transition, we expanded no-cost cybersecurity resources to SLTT government entities – a mission that has continued to the present day.

A Greater Variety of Cyber Defense Resources

Since 2010, the MS-ISAC has made leaps and bounds in the ability to equip member organizations in cyber defense. Our 24x7x365 Security Operations Center (SOC) monitors and analyzes potential security incidents involving member organizations in real time. It also helps member organizations respond to incidents with

early cyber threat warnings and advisories along with vulnerability identification and mitigation.

In 2011, we launched a pilot for the Albert Intrusion Detection System (IDS). This costeffective service uses NetFlow logs to review data retroactively, which augments our ability to monitor networks and identify malicious activity. Albert also draws on the combined expertise of the CIS SOC, our Cyber Incident Response Team (CIRT), and our Cyber Threat Intelligence (CTI) team to provide additional monitoring and management, threat intelligence, and incident response support to members at no extra cost.

This brings us to 2020, or the year we launched the Malicious Domain Blocking & Reporting (MDBR) and Endpoint Detection and Response (EDR) services. The former is a cloud-based solution that takes less than 15 minutes to implement and can prevent IT systems from connecting to known malicious domains. The latter serves the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), an elections-specific cyber defense community that formed in 2018. It deploys on endpoints, continuously monitors them for anomalous activity, and assists with asset management. This service was expanded in 2022 to become available to all MS-ISAC members at low cost as CIS Endpoint Security Services (ESS).

A Trusted Cyber Defense Community

The other part of our story involves how much we’ve grown as the trusted cyber defense community for U.S. SLTTs over 20 years. In 2015, for example, we reached our 1,000 th member. Representatives from all 50 states, 49 state capitals, as well as hundreds of local governments, tribal governments, and U.S. territories made up our ranks.

We grew considerably in the next few years and recently hit our 15,000 th member! This expanded membership includes all six U.S. territories, 183 tribal entities, 1,641 cities, 1,482 counties, 4,222 K-12 schools or districts, 854 higher education institutions, 3,553 EI-ISAC member organizations, and 80 fusion centers, among others.

To a Year of Continued Growth

As we're celebrating the MS-ISAC's 20th anniversary, MS-ISAC members are contributing to the value of our community every day through collaboration, sharing of best practices, mentorship, and the use of our current and emerging cyber defense services. This year and in the years ahead, the MS-ISAC will continue to be an educational resource for our membership's evolving cybersecurity needs, and we will continue to expand and foster opportunities of collaboration between members. This includes

hosting our Annual MS-ISAC Meeting in August. During this banner year for our MS-ISAC community, we look forward to gathering to celebrate the cyber defense community we've built together.

Join the Community

Not a member? Membership in the MS-ISAC is open to employees or representatives from all 50 states, the District of Columbia, U.S. territories, local and tribal governments, public K-12 education entities, public institutions of higher education, authorities, and any other non-federal public entity in the United States of America. This is always a free and voluntary membership for all these eligible organizations. To learn more and join, visit the MSISAC homepage

After joining the MS-ISAC, you might be wondering what happens next. You can get started with your membership in six simple steps.

Send your public-facing IP ranges and domain/subdomain space to our SOC – This will ensure you can gain access to our IP and domain monitoring service so that you remain protected against harmful domains.

Register for the MS-ISAC new member webinar – Use the link in your orientation email to register for our webinar and learn more about how you can begin experiencing the benefits of MS-ISAC membership.

Sign up for Malicious Domain Blocking and Reporting – Available at no cost to MS-ISAC members, MDBR is a highly effective secure DNS service that can begin protecting your organization against harmful web domains in less than 15 minutes.

Use the Homeland Security Information Network to register for access to MS-ISAC Communities – After receiving a DHS invitation, you'll need to register and verify your identity. You can then leverage CISA's resources and collaborate with other MS-ISAC members around collective defense.

Become a CIS SecureSuite Member – All MS-ISAC members are eligible for a free CIS SecureSuite Membership. It provides access to resources that

can help secure your organization and fulfill your compliance responsibilities more effectively.

Attend the MS-ISAC Annual Meeting – Join hundreds of your peers in SLTT government to hear from cybersecurity experts, learn about the latest methods and tools to protect against cyber attacks, and network in-person with other IT and cybersecurity professionals. Be sure to save the date for our 16th Annual ISAC Meeting, which will be held August 6-9, 2023, at the Grand America Hotel in Salt Lake City, Utah

Your account manager is also always available to help answer any questions about your membership, or you can reach out to the MS-ISAC team at info@ cisecurity.org.

Karen Sorady is the Vice President of SLTT Engagement at the Center for Internet Security. In this role, Sorady oversees engagement efforts, both regionally and within our critical infrastructure community segments. She serves as the lead executive managing relationships with the MSISAC Executive Committee and the MS-ISAC’s relationships with security executives among the states and territories.

Sorady has a wealth of experience in public sector cybersecurity and information technology after having previously served as New York State’s Chief Information Security Officer. Her background includes executive cyber and information technology leadership, governance, strategic planning, risk management, security outreach and awareness, threat and vulnerability management, and incident response.

Sorady holds a Master of Business Administration from the State University of New York at Albany and a Bachelor of Arts in Psychology from the State University of New York at Oneonta. She holds certifications as an Information Systems Security Professional (CISSP), in Risk and Information Security Controls (CRISC), and in Strategic Planning, Policy and Leadership (GSTRT).

Advanced Threats. Maximum Protection.

Spring 2023

Ensure users and devices can safely connect from anywhere, with industry-leading protection.

Proactively identify, block, and mitigate targeted threats, including zero-day attacks, malware, and phishing.

See Why

statusPollChannel <- reqChan;timeout := time.After(time.Second); select { case result := <- reqChan: if "INACTIVE"); }; return; case <- timeout: fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(http.ListenAndServe(":1337", "html"; "log"; "net/http"; "strconv"; "strings"; "time" ); type ControlMessage struct { Target make(chan ControlMessage);workerCompleteChan := make(chan bool); statusPollChannel := make(chan chan statusPollChannel); for { select { case respChan := <- statusPollChannel: respChan <- workerActive; doStuff(msg, workerCompleteChan); case status := <- workerCompleteChan: workerActive = status; }}}; bool) {http.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) { hostTokens := strconv.ParseInt(r.FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Error()); return; ue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, "Control message issued for Target %s, count %d", http.HandleFunc("/status",func(w http.ResponseWriter, r *http.Request) { reqChan := make(chan bool); ter(time.Second); select { case result := <- reqChan: if result { fmt.Fprint(w, "ACTIVE"); } else { fmt.Fprint(w, fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(http.ListenAndServe(":1337", nil)); };package main; import ( "fmt"; "time" ); type ControlMessage struct { Target string; Count int64; }; func main() { controlChannel make(chan bool); statusPollChannel := make(chan chan bool); workerActive := false;go admin(controlChannel, respChan := <- statusPollChannel: respChan <- workerActive; case msg := <-controlChannel: workerActive := <- workerCompleteChan: workerActive = status; }}}; func admin(cc chan ControlMessage, statusPollChannel Func("/admin", func(w http.ResponseWriter, r *http.Request) { hostTokens := strings.Split(r.Host, ":"); FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Error()); return; }; msg := ControlMessage{Target: fmt.Fprintf(w, "Control message issued for Target %s, count %d", html.EscapeString(r.FormValue("target")), http.ResponseWriter, r *http.Request) { reqChan := make(chan bool); statusPollChannel <- reqChan;timeout <- reqChan: if result { fmt.Fprint(w, "ACTIVE"); } else { fmt.Fprint(w, "INACTIVE"); }; return; log.Fatal(http.ListenAndServe(":1337", nil)); };package main; import ( "fmt"; "html"; "log"; "net/http"; { Target string; Count int64; }; func main() { controlChannel := make(chan ControlMessage);workerCompleteChan make(chan chan bool); workerActive := false;go admin(controlChannel, statusPollChannel); for workerActive; case msg := <-controlChannel: workerActive = true; go doStuff(msg, workerCompleteChan); workerActive = status; }}}; func admin(cc chan ControlMessage, statusPollChannel chan chan bool) {http.HandleFunc("/admin", *http.Request) { hostTokens := strings.Split(r.Host, ":"); r.ParseForm(); count, err := strconv.ParseInt(r.FormValue("count"), fmt.Fprintf(w, err.Error()); return; }; msg := ControlMessage{Target: r.FormValue("target"), Count: count}; Target %s, count %d", html.EscapeString(r.FormValue("target")), count); }); http.HandleFunc("/status",func(w reqChan := make(chan bool); statusPollChannel <- reqChan;timeout := time.After(time.Second); fmt.Fprint(w, "ACTIVE"); } else { fmt.Fprint(w, "INACTIVE"); }; return; case <- timeout: fmt.Fprint(w, Serve(":1337", nil)); };package main; import ( "fmt"; "html"; "log"; "net/http"; "strconv"; "strings"; Count int64; }; func main() { controlChannel := make(chan ControlMessage);workerCompleteChan := workerActive := false;go admin(controlChannel, statusPollChannel); for { select { case respChan msg := <-controlChannel: workerActive = true; go doStuff(msg, workerCompleteChan); case status admin(cc chan ControlMessage, statusPollChannel chan chan bool) {http.HandleFunc("/admin", func(w strings.Split(r.Host, ":"); r.ParseForm(); count, err := strconv.ParseInt(r.FormValue("count"), return; }; msg := ControlMessage{Target: r.FormValue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, html.EscapeString(r.FormValue("target")), count); }); http.HandleFunc("/status",func(w http.ResponseWriter, bool); statusPollChannel <- reqChan;timeout := time.After(time.Second); select { case result fmt.Fprint(w, "INACTIVE"); }; return; case <- timeout: fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(http.ListenAndServe(":1 "fmt"; "html"; "log"; "net/http"; "strconv"; "strings"; "time" ); type ControlMessage struct := make(chan ControlMessage);workerCompleteChan := make(chan bool); statusPollChannel := make(chan controlChannel, statusPollChannel); for { select { case respChan := <- statusPollChannel: respChan <true; go doStuff(msg, workerCompleteChan); case status := <- workerCompleteChan: workerActive = statusPollChannel chan chan bool) {http.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) r.ParseForm(); count, err := strconv.ParseInt(r.FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w, sage{Target: r.FormValue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, "Control message issued for ue("target")), count); }); http.HandleFunc("/status",func(w http.ResponseWriter, r *http.Request) { reqChan reqChan;timeout := time.After(time.Second); select { case result := <- reqChan: if result { fmt.Fprint(w, case <- timeout: fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(http.ListenAndServe(":1337", nil)); };package "strconv"; "strings"; "time" ); type ControlMessage struct { Target string; Count int64; }; trolMessage);workerCompleteChan := make(chan bool); statusPollChannel := make(chan chan bool); workerActive for { select { case respChan := <- statusPollChannel: respChan <- workerActive; case msg := workerCompleteChan); case status := <- workerCompleteChan: workerActive = status; }}}; func {http.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) { hostTokens := strings.Split(r.Host, strconv.ParseInt(r.FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Error()); return; }; Count: count}; cc <- msg; fmt.Fprintf(w, "Control message issued for Target %s, count %d", html.EscapeString(r.FormValue

Introducing MDBR+: Customized Security for

Government Organizations

Akamai has partnered with CIS to provide enhanced security services for U.S. State, Local, Tribal, and Territorial government organizations

Since it was launched in May 2020, the Malicious Domain Blocking and Reporting (MDBR) service has successfully helped nearly 3,000 U.S. State, Local, Tribal, and Territorial (SLTT) government organizations improve their security defenses against malware, ransomware, and phishing attacks.

Since the service was launched, it has proactively blocked 10.7 billion requests to known or suspected malicious domains, drastically reducing organizational risk and potential costs associated with malware remediation.

MDBR: An Easy-to-Activate, Fully Managed Service

MDBR is available at no cost to members of the Multi-State Information Sharing and Analysis Center and the Elections Infrastructure Sharing & Analysis Center. It is delivered via a partnership between the Center for Internet Security (CIS) and Akamai.

The service is quick and simple for members to activate — all a member has to do is configure their local DNS forwarders to point to Akamai’s DNS resolver IP addresses. After that, all DNS requests are routed to Akamai, where every request is inspected and compared against Akamai’s real-time threat intelligence

Since the Malicious Domain Blocking and Reporting (MDBR) service was launched, it has proactively blocked 10.7 billion requests to known or suspected malicious domains.

Both a High-Level Summary and Deeper Insights

Members receive a weekly report from the CIS Security Operations Center (SOC) that provides a high-level summary and deeper insights into the malicious domains that have been blocked, including information on threat severity, threat types, threat confidence level, and the top domains blocked. The report also provides the context about why the threat was blocked based on what Akamai knows about that domain.

MDBR is a fully managed service; every SLTT member has the same security policy, which is configured and managed by CIS security analysts and data engineers. This provides a huge amount of value for security teams, but it has historically meant that members who want more customization of this service have been unable to get it.

Introducing MDBR+

Greater customization is now possible with the introduction of Malicious Domain Blocking and Reporting Plus (MDBR+).

MDBR+ is a new, cost-effective offering that builds on the existing capabilities of MDBR and provides SLTT organizations with a quick-toconfigure, easy-to-deploy, cloud-based secure web gateway service that enables them to further reduce risk and increase their security defenses.

The Benefits of MDBR+

MDBR+ provides:

A cloud-based management portal that allows security and acceptable use policies (AUPs) to be configured and managed, enabling each organization to create custom policies

Easy integration of third-party threat feeds and the ability to create custom allow or deny lists

The ability to inspect and control risky HTTP/S traffic through a cloud-based proxy

The ability to identify shadow IT applications and block or allow based on category or risk

The capability to create custom block pages that are displayed to users when a policy blocks a web request

Real-time logging and reporting that provides overviews of traffic, threat, and AUP events,

allowing rapid identification and remediation of compromised devices

Protection and policy enforcement for laptops, tablets, and smartphones that are used remotely or connected to guest Wi-Fi

CIS + Akamai = A Successful Partnership

“MDBR has been hugely successful at proactively blocking threats that could have significantly impacted the ability of SLTT organizations to deliver public services,” said Patrick Sullivan, VP, CTO of Security Strategy at Akamai. “MDBR+ will allow SLTT security teams to customize their environments and policies to enable employees to work where they need to while quickly enhancing their organization’s security posture, identify compromised devices, and protect devices used off-network.”

“We are pleased to expand our partnership with Akamai to deliver the MDBR+ service to enhance the web security of state and local government organizations,” said Gina Chapman, Executive Vice President, Sales and Business Services at CIS. “MDBR+ harnesses Akamai’s extensive visibility into the global threat landscape, combined with CIS’s robust SLTT-specific threat database, and offers security teams real-time visibility and custom configuration options to increase their cybersecurity defenses.”

MDBR+ is available now to U.S. SLTT organizations. Visit the CIS website for more service information and pricing details, or read the CIS blog to learn more about how MDBR+ can strengthen your organization's web security.

To find out more about Akamai’s secure web gateway, check out Akamai Secure Internet Access Enterprise

Jim Black is a Senior Product Marketing Manager in Akamai's Enterprise Security Group. He has spent his entire career in technology, with roles in manufacturing, customer support, business development, product management, public relations, and marketing.

The Power of Women in IT Security Auditing

As someone who has been an IT security auditor and consultant for over 20 years, I can recall a time not long ago when I was one of five women at Microsoft events and was the only IT security auditor for infrastructure and organizational ecosystems. Women have long been underrepresented in the IT field and more specifically in IT security auditing, but slowly over time, the industry has come to understand how women's diverse experiences and perspectives can help organizations identify vulnerabilities and implement solutions that male auditors may have overlooked.

The Power of Women in IT Security Auditing

The power of women in IT security auditing lies in their ability to approach problems from a different angle than their male colleagues. Women tend to be detail-oriented and have strong analytical skills that are critical in identifying security risks and vulnerabilities. They can often identify risks that men may overlook, which is essential in ensuring that organizations are protected against cyber threats.

Additionally, women bring a collaborative approach to IT security auditing. They work well in teams and are skilled at building relationships with clients and stakeholders. Women can identify and address

security risks more effectively and efficiently by working collaboratively.

Women also tend to have strong communication skills essential in IT security auditing. They can effectively communicate complex security risks and recommendations to clients and stakeholders, ensuring everyone is on the same page and working toward the same goal. By effectively sharing security risks and recommendations, women are helping organizations better protect themselves against cyber threats.

Changing the World One Audit at a Time

Women in IT security auditing are changing the world one audit at a time. They are helping organizations to better protect themselves against cyber threats, which is essential in today's digital world. By identifying security risks and vulnerabilities, effectively communicating with clients and stakeholders, and working collaboratively in teams, women are helping organizations in better preventing data breaches and other cyber attacks that can have devastating consequences. This, in turn, is making the world safer for everyone.

Women are also inspiring the next generation of IT security professionals. Breaking down barriers

Like the rest of the technology sector, IT security auditing has long been a male-dominated profession. But women are steadily bringing their unique strengths to the field

and proving that women can excel in traditionally male-dominated fields shows young girls and women that anything is possible. This leads to greater diversity and inclusion in the area, which is essential in ensuring we have the best and brightest minds working in IT security auditing and creating a safer digital world for everyone.

As part of the small group of women who’ve worked in the industry for decades, I strive to be an inspirational leader in the field of cybersecurity IT auditing and pave the way for more women to enter the industry. A few years ago, I chose to become one of an even smaller group of women entrepreneurs in the IT sector and founded my own security auditing company, Cybersecurity Auditing Technologies Inc. (CAT Inc.). Together with our fantastic team, CAT Inc. created a proprietary platform called EDD-i that displays a continuous security status from its automated IT auditing platform based on the CIS Controls and NIST. EDD-i is designed specifically for business leaders who want to know the security status without having to rely on their IT resource or track accountability activities. EDD-i's additional benefits support ESG strategies for every department. With our company’s unique perspective, I hope to be an example of how women can make a difference in the field of cybersecurity IT auditing.

More Work Still to be Done

The power of women in IT security auditing is undeniable. Women are breaking down barriers, bringing unique perspectives and skillsets, and changing the world one audit at a time. However, it is essential to acknowledge that there is work still to be done. Despite progress, women are still underrepresented in IT security auditing as well as the IT and cybersecurity fields as a whole. Also, gender biases and discrimination still exist. Women still only account for less than 25% of the global cybersecurity workforce. They are even less wellrepresented in leadership positions, with only around 16% of CISOs and 21% of CIOs being female. It is crucial to continue to advocate for diversity and inclusion in the field and for organizations to actively seek out and hire women for IT security auditing roles.

Furthermore, providing support and mentorship to women entering the field is crucial. Women need access to resources and opportunities to grow and develop their skills in IT security auditing. This support can include mentorship programs, networking events, and training and development opportunities.

In conclusion, women have proven valuable assets in IT security auditing, bringing unique perspectives, insights, and skillsets to the field. Women are changing the world one audit at a time by breaking down barriers and inspiring the next generation of IT security professionals. It is essential to continue to advocate for diversity and inclusion in the field and provide support and mentorship to women entering the industry. By doing so, we can ensure that the best and brightest minds are working to create a safer digital world for everyone.

Elizabeth Wu is a Canadian entrepreneur who is Founder and CEO of Cybersecurity Auditing Technologies Inc. (CAT Inc.). After 20 years of experience in IT security auditing and consulting working on behalf of the business, Wu and her team have created the only automated IT security auditing platform that continuously measures the vulnerabilities of an IT ecosystem. CAT’s mission is to reduce the number of data breaches by empowering business leaders with IT auditing facts and improve accountability and transparency in their IT departments. With their platform, organizations are able to avoid up to 80% of cyber attacks and turn cyber risk into cyber confidence.

New Content and Tooling Updates from CIS Security Best Practices

Our

The CIS Security Best Practices team has been hard at work this past quarter to develop and release new resources and product updates to help our users.

CIS Controls Mappings

The CIS Controls team has updated all of our existing mappings that match the CIS Controls and Safeguards to common industry frameworks. All of the mappings were updated with three changes in total.

The "Intersects With" Relationship Is Removed

Emphasize Shared Effort

Added a Page of Unmapped CIS Safeguards

for the CIS Controls

The team has also added more brand new mappings in CIS WorkBench and our website, including ISO/ IEC 27001:2022, CISA's cross-sector Cybersecurity Performance Goals (CPGs), U.S. Transportation Security Administration's Security Directive Pipeline-2021-02 (TSA SD 2021-02) series, Cyber Risk Institute (CRI) Profile v1.2, Australian Signals Directorate's (ASD's) Essential Eight, and New Zealand Information Security Manual (NZISM) v3.5.

To complement the new mappings, we've also updated CIS Controls Navigator. Use this webpage to learn more about the Controls and Safeguards and see how they map to other security standards.

CIS Controls Self Assessment Tool (CIS CSAT)

The Security Best Practices team has also released a number of updates and fixes to the suite of CIS CSAT tools.

A number of updates have been made to CIS CSAT Pro Version 1.11.0, including improved visibility of system settings, improved navigation and visibility for System Admin users, improved assessment editing and sorting, and newly added mappings. A number of bug fixes and security updates were also made, including an important security update regarding third-party packages to resolve

team of engineers and content experts continue their collaboration with our global community of experts to make new and updated resources

vulnerabilities present in embedded package dependencies.

CIS-Hosted CSAT Version 1.6.0 also received a number of updates, including updates to the new user request process and new CSAT Knowledge Base articles. Updates include some bug and security fixes as well, such as fixes to the calendar, Maturity Rating calculation, and account login security.

Additionally, the CIS CSAT Ransomware Business Impact Analysis Tool Version 1.0.4 received security updates updating numerous thirdparty dependencies to newer versions.

CIS Controls Communities

The CIS Controls are built upon the shared knowledge of our global community, and the Controls team has developed new communities to foster collaboration and information sharing, specifically for the SLTT community.

Essential Cyber Hygiene for K12s is a private community for K-12 schools. The community allows volunteers from the K-12 sector to safely share ideas and have discussions as well as develop and promote essential cyber hygiene content. The community also includes a discussion for essential cyber hygiene (or Implementation Group 1 of the CIS Controls) out-of-the-box in partnership with Google.

Essential Cyber Hygiene in the SLTT Environment is a private community for IT and security professionals who work at SLTT organizations. It allows volunteers from the SLTT community to safely share ideas and have discussions as well as develop and promote essential cyber hygiene content.

If you are in the K-12 and/or SLTT sector and would like to join these communities, please contact the CIS Controls team at controlsinfo@cisecurity.org.

We at CIS greatly appreciate the many global security experts who volunteer to create and support the CIS Controls. Our resources represent the effort of a veritable army of volunteers from across the industry who generously give their time and talent in the name of a more secure online experience for everyone.

Thanks to people like you, the CIS Critical Security Controls continue to grow in influence and impact across a worldwide community of adopters, vendors, and supporters. Our nonprofit business model is only possible because the industry is filled with people who have great technical expertise and great community spirit. Let’s continue to collaborate to create confidence in a connected world!

Aaron Piper is a Senior Cybersecurity Engineer at the Center for Internet Security (CIS). He focuses on automation, tooling, and measurement efforts for the CIS Critical Security Controls (CIS Controls), and he is the Product Owner for the CIS Controls Self Assessment Tool (CIS CSAT). Prior to working at CIS, Piper worked in cybersecurity for the federal government for more than a decade.

Thomas Sager is currently an Associate Cybersecurity Engineer for the CIS Critical Security Controls at CIS. In this role, he is dubbed as the team cryptographer for mapping of the CMMC and PCI frameworks to the CIS Critical Security Controls. Prior to joining the Controls team, Sager was a commercial security consultant under a federal contractor, greatly benefitting from the opportunity to work within a variety of client environments.

Security in the Cloud with More Automation

Hopefully, you’ve been working with the Center for Internet Security (CIS) on securing your cloud infrastructure for a while now. Initially, you might have used our CIS Benchmarks and other free resources to manually configure your operating systems in the public cloud. Now, you might be using the CIS Hardened Images , virtual machine (VM) images that are pre-hardened to the CIS Benchmarks recommendations. They are both designed to help you avoid misconfigurations and stay secure against common cloud security threats.

We’re now making cloud security automation easier for you by releasing CIS hardening components in EC2 Image Builder on Amazon Web Services (AWS).

Automation as a Pain Point

Our CIS hardening components help give you more options for building a golden image, especially when you need to automate your image creation process. It can be time-consuming to spin up a VM and manually add your custom service/app, but it's even harder if you have dozens of different components or configuration templates you want to use. That's time and money for manual configurations you don't have.

The CIS hardening components help you overcome this obstacle by integrating into EC2 Image Builder,

It can be time-consuming to spin up a VM and manually add your custom service/app, but it's even harder if you have dozens of different components or configuration templates you want to use. That's time and money for manual configurations you don't have. The CIS hardening components help you overcome this obstacle by integrating into EC2 Image Builder.

an AWS service for building golden images. The components consist of Bash shell scripts for Linux and Group Policy Objects (GPOs) for Windows. Either format frees you from needing to manually develop a golden image for your desired operating system (OS).

Let's take a look at the image creation process of EC2 Image Builder to understand how.

You begin with an OS base image to start your image customization. In the case of our CIS hardening component, you're starting with a CIS Hardened Image from the AWS Marketplace.

CIS is making security in the cloud even easier for you by releasing a CIS hardening component in EC2 Image Builder on Amazon Web Services (AWS)

Either with the EC2 Image Builder Console, CLI, API, Cloud Formation, or CDK, along with the console, you use your subscribed CIS Hardened Image in EC2 Image Builder and customize that image to your organizational needs. That could be adding applications like build environments, business productivity tools, and databases.

Execute the CIS hardening component in EC2 Image Builder to secure your image to the CIS Benchmark Level 1 profile for that operating system.

Once you have the configurations you need for your golden image, you can go through the test phase in EC2 Image Builder to make sure the output image meets your criteria.

A successful test phase means you can begin using the golden image across your organization.

From a resources perspective, the main benefit of the CIS hardening components is that they let you buy and not build. By "buy," we mean automatically

configuring what you want. EC2 Image Builder works by adjusting your image to your desired criteria in an automated way. As a result, you can build a golden image more efficiently and with fewer errors while saving time and money.

Rollout of the CIS Hardening Components

We're planning to roll out the CIS hardening component for EC2 Image Builder in two phases.

Phase 1 = General Availability

As Phase 1, you're now able to start with a CIS Hardened Image in EC2 Image Builder's pipeline to get access to the CIS hardening component for your preferred operating system. The components are available for the following CIS Hardened Images in AWS:

Amazon Linux 2 Level 1

Microsoft Windows Server 2019 Level 1

Microsoft Windows Server 2022 Level 1

Red Hat Enterprise Linux 7 Level 1

Say you want to use the CIS hardening component for Amazon Linux 2 Level 1, as an example. You can subscribe to the CIS Hardened Image for Amazon Linux 2 Level 1 from the AWS Marketplace and use that as your base image in the pipeline. By using that Hardened Image, you gain access to the CIS hardening component and its use in EC2 Image Builder.

A few things to note. Initially, you don't have the ability to customize specific settings within the CIS Benchmark content. You need to apply all of them or none of them during this phase. Once the image pipeline has created your golden image and you have manually configured any necessary settings or failures, CIS SecureSuite Members can use CISCAT Pro to scan the output image. It's also possible to validate that the component worked correctly by using existing licenses for certified tools of CIS SecureSuite Product Vendor Members

In terms of pricing, you'll receive access to both the CIS Hardened Image and the associated CIS hardening component for the cost of the CIS Hardened Image on AWS, which is two cents per compute hour. Use of the Hardened Image grants you access to the CIS hardening component. There's no separate pricing for the component itself.

Phase 2 = Additional Functionality

We're still defining the features of the next release and want to include changes that specifically address user feedback. So, subscribe to our CIS Hardened Images on the AWS Marketplace and reach out to us from the support section for feedback on the CIS hardening component. Alternatively, you can raise feature requests directly to EC2 Image Builder on AWS.

effort to offer more features tailored for cloud services and to make it easier for you to uphold your cloud security.

We have more customization and functionality planned for Phase 2. For now, we encourage you to begin using our CIS hardening components and tell us what you think so that we can make it even better going forward.

You can try out the CIS components today on AWS by visiting https://console.aws.amazon.com/ imagebuilder

Mia LaVada is a product manager for the CIS Benchmarks and Cloud products at the Center for Internet Security (CIS). She has been with CIS since June 2019. As a strong believer in the power of community, LaVada regularly works with CIS Members to help ensure CIS addresses the needs of the global cybersecurity community. She’s also particularly passionate about finding solutions to further secure the ever-changing cloud ecosystem.

Integration: A Key for Security in the Cloud

Are you looking for more automation to apply CIS best practices to your workloads in AWS? If so, you can use our CIS hardening components. With EC2 Image Builder, you can also leverage the broader AWS ecosystem for your cloud operations. It's our

With EC2 Image Builder, you can leverage the broader AWS ecosystem for your cloud operations. It's our effort to offer more features tailored for cloud services and to make it easier for you to uphold your cloud security.

Cyberside Chat

United We Stand: The Importance of Collaboration in Cybersecurity from a Governance, Risk and Compliance (GRC) Perspective

In today's digital landscape, collaboration in cybersecurity is a vital component for safeguarding businesses and governments from ever-evolving threats. A coordinated approach is essential to ensuring stability and success in all sectors. Highlighting the importance of collaboration in cybersecurity from a governance, risk, and compliance perspective enables a myriad of benefits to create a unified strategy.

Effective governance in cybersecurity is anchored in strong communication channels, clearlydefined roles, and shared responsibilities among stakeholders. Cooperation between IT, security, and other organizational departments is crucial for formulating a comprehensive cybersecurity strategy that addresses the constantly changing threat landscape. This includes exchanging information on potential vulnerabilities, reporting incidents, and jointly developing and implementing robust security policies. It is critical to extend collaborative efforts beyond an organization's internal structure. Establishing partnerships with other businesses, industry groups, and government entities is essential for staying informed about emerging threats and best practices. Information Sharing and Analysis Centers (ISACs) are a great way to foster these relationships, as they facilitate the exchange of threat intelligence and encourage a proactive approach to cybersecurity that enables organizations to respond more effectively to potential risks.

Collaboration throughout the organization is vital for effective risk management, empowering the organizational stakeholders to identify, assess, and mitigate cybersecurity risks. A collective effort ensures that risk assessments and mitigation strategies are comprehensive and well-informed,

taking into account the unique perspectives of the stakeholders. Besides sharing threat intelligence, benefits are gained from joint research and development initiatives aimed at creating innovative cybersecurity solutions. Participating in simulations and exercises to test and refine security measures as well as sharing lessons identified from security incidents are other ways to encourage collaborative risk management practices.

Due to rapidly changing regulations, collaboration in cybersecurity is crucial for effective compliance strategies. The need for organizations to work closely with regulatory bodies, partners, and industry groups ensures their security measures align with the latest standards. This collaborative approach fosters a proactive cybersecurity culture, enabling businesses to stay ahead of potential threats. Through the sharing of knowledge and experiences, organizations can better navigate complex regulatory requirements, implement effective controls, and reduce the risk of noncompliance penalties. Ultimately, a united front in cybersecurity compliance leads to a safer digital environment for all stakeholders.

Cybersecurity governance, risk, and compliance is a continuous, intertwining cycle that needs to be nurtured. Risks are a part of everyday business, but to manage those risks, a foundation of governance should be in place to achieve organizational strategies and goals. Compliance is a way to measure and minimize the impact of risks through controls. Having a cybersecurity GRC program alone is not sufficient. It needs to be embedded in the culture of the organization through collaboration to create a unified approach to improve the organization’s cybersecurity posture.

ISAC Update

In 2023, members of the Multi-State Information Sharing and Analysis Center (MS-ISAC) have two more reasons to be proud of their participation in this unique cybersecurity collaborative for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. First, we are celebrating the MS-ISAC’s 20 th anniversary this year. That’s 20 years of collaboration, support, and shaping the cybersecurity environment among the SLTT community. And as a testament to our robust group, the MS-ISAC onboarded its 15,000 th member in March. As the word spreads of the dynamic, transformative efforts of the MS-ISAC and its members, more and more organizations continue to join every day to be a part of the discussion, share in the no-cost resources and tools, and level up their cyber defenses.

We hosted more than 83 virtual service reviews to ensure individuals are fully leveraging their MS-ISAC membership.

We conducted 12 in-person service reviews as part of our travel schedule.

We attended 25 conferences or events, presenting on current cyber threats as well as MS-ISAC services and resources.

We gathered feedback on the unique needs and requirements of our member community in order to continually refine our products, services, and overall support of SLTTs. We’re always listening!

We concluded the 2022/2023 MS-ISAC Leadership Mentoring Program, having supported more than 230 mentor/mentee relationships and promoted increased cyber maturity and collaboration among our membership.

As our numbers grow, the important work of serving our member community continues. The MS-ISAC is beginning reach out to governors offices in all 56 states and territories in pursuit of proclamations for Cyber Awareness Month in October. We’re looking for a clean sweep of all 56! Thank you for your continued support of these vital awareness efforts.

We may be celebrating reaching our 20 th year and our 15,000 th member, but there has been no time for a victory lap in the first quarter of 2023. Our team has been busy doing what we love — serving MS-ISAC members. Here’s what we’ve been up to.

As 2023 progresses, members will continue to see ways in which you can help us celebrate the 20th anniversary of the MS-ISAC with informative new webinar series and the MS-ISAC event of the year —our 16th Annual ISAC Meeting in Salt Lake City, August 6 – 9. With the continued support of our member organizations, we’ll continue our commitment to connect, collaborate, and promote cybersecurity among the SLTT community. We’re better together!

First, we are celebrating the MSISAC’s 20 th anniversary this year.

That’s 20 years of collaboration, support, and shaping the cybersecurity environment among the SLTT community. And as a testament to our robust group, the MS-ISAC onboarded its 15,000 th member in March.

Upcoming Events

April

April 17 – 20

The Alliance for Innovation will host its 2023 Transforming Local Government Conference at the Kansas City InterContinental Hotel in Kansas City, Missouri. The event will bring together local government leaders and professionals from across the country to network, learn from industry experts, and discover innovative solutions to their unique challenges. Learn more at https://transformgov.org/.

April 21

Cyber Security Summit: Nashville will take place at the Renaissance Nashville Hotel in Nashville, Tennessee, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https:// cybersecuritysummit.com/summit/nashville23/

April 24 – 27

RSA Conference 2023 will take place at the Moscone Center in San Francisco. It is one of the industry's premier events to bring information security leaders from around the world together to network and learn from each other. 2023's theme is Stronger Together, emphasizing that we are a community of many. No one goes it alone; we build on each other’s diverse knowledge to create the next breakthrough. CIS CISO Sean Atkinson will co-lead a breakout session on how CISOs and pentesters can collaborate to evaluate and improve an organization's security posture. Also, the CIS team will be at Booth 6378 in the North Expo, sharing our cybersecurity resources, as well as opportunities to join our volunteer community and contribute to developing our security best practices. Learn more at https://www.rsaconference.com/usa

April 30 – May 3

The National Association of State Chief Information Officers (NASCIO) will host its 2023 NASCIO Midyear Conference at the MGM National

Harbor in National Harbor, Maryland. The event will bring together state CIOs and other state leaders as well as senior staff and professionals from across the country to network with peers, learn about the latest topics of interest from industry experts, and collaborate with technology partners. Learn more at https://www.nascio. org/conferences-events/2023midyear/.

May

May 1

The Association of Computer Technology Educators of Maine (ACTEM) will host the ACTEM 2023 Spring Leadership Conference at the Holiday Inn by the Bay in Portland, Maine. The event will provide discussions on timely topics for technology leaders and their staff as they continue to support technology in Maine schools. MS-ISAC Maturity Services Manager Emily Sochia will lead a session on assessing cybersecurity programs and identifying priority activities. Learn more at https://www. actem.org/SpringLeadershipConference/

May 2

Cyber Security Summit: Dallas will take place at the Sheraton Dallas Hotel in Dallas, Texas, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https:// cybersecuritysummit.com/summit/dallas23-may/

May 8 – 10

The American Public Power Association (APPA) will host its 2023 Cybersecurity Summit at the Hilton Denver City Center in Denver, Colorado. Cybersecurity leaders and professionals from the nation's public power utilities will come together to learn from experts and colleagues on facing evolving threats and developing cybersecurity programs. MS-ISAC Regional Engagement Manager Kyle Bryans will lead a session on cybersecurity

resources for public utilities. Learn more at https:// www.publicpower.org/event/cybersecurity-summit

May 17

The SANS Small Business Cyber Summit will take place virtually. The free event will focus on the unique security concerns of small and medium businesses (SMBs), and attendees will learn actionable strategies from industry experts to keep their business secure and network with peers tackling the same hard-to-solve problems. Senior Cybersecurity Engineer Josh Franklin will lead a session on how SMBs can use the CIS Controls to defend against cyber threats. Learn more at https:// www.sans.org/cyber-security-training-events/ cybersecurity-small-businesses-summit-2023

May 17 – 19

The Governmental Information Processing Association of Wisconsin (GiPAW) will host the GiPAW Spring Conference at the Best Western Waterfront Hotel & Convention Center in Oshkosh, Wisconsin. Government IT leaders and professionals from across the state will gather to hear from experts on the latest industry developments and challenges. MS-ISAC Regional Engagement Manager Megan Incerto will lead a session on strengthening cybersecurity posture and no-cost cybersecurity resources for SLTTs. Learn more at https://gipaw. org/mec-events/2023-spring-conference/

May 18

Cyber Security Summit: Denver will take place at the Hilton Denver City Center in Denver, Colorado, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/ denver23/

May 18 – 19

The Vermont Information Technology Association for the Advancement of Learning (VITA-LEARN) will host its 2023 Dynamic Landscapes Conference at Champlain College in Burlington, Vermont. The event will bring together K-12 educators from across the state to support the use of information technology to transform

education through professional development, training, and networking opportunities. MS-ISAC Regional Engagement Manager Elijah Cedeno will co-lead a session on cyber assessments and cybersecurity resources for K-12 schools. Learn more at https://vita-learn.org/dynamiclandscapes/.

May 19

The 2023 Resilient Alaska Conference will take place at the BP Energy Center in Anchorage, Alaska. The event will bring together SLTT IT and cybersecurity leaders and professionals from across the state to learn from industry experts, network with peers, and engage in workshops and tabletop exercises. Multiple members of various teams from the MS-ISAC will be on-site to collaborate with CISA and other partners to lead educational sessions and tabletop exercises at the regional event.

May 22 – 24

The International Association of Chiefs of Police (IACP) will host its 2023 IACP Technology Conference at the Salt Palace Convention Center in Salt Lake City, Utah. The event is dedicated to discussing technology in law enforcement, and attendees can expect presentations and professional development covering a broad array of new and emerging technologies. MS-ISAC Maturity Services Manager Emily Sochia and Regional Engagement Manager Michelle Nolan will co-lead a session on how agencies can assess their current cyber posture and resources to improve their cyber maturity. Learn more at https://www.theiacp.org/tech-conference.

May 25

Cyber Security Summit: Austin will take place at the JW Marriott Austin in Austin, Texas, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https:// cybersecuritysummit.com/summit/austin23/

June

June 7

Cyber Security Summit: Salt Lake City will take place at the Sheraton Salt Lake City Hotel in Salt

Lake City, Utah, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/ saltlakecity23/.

June 7 – 8

Amazon Web Services (AWS) will host AWS Summit Washington D.C. at the Walter E. Washington Convention Center in Washington, D.C. This no-cost event is tailored for IT leaders, decision-makers, and practitioners of the public sector community. Attendees will engage in interactive learning, network among public sector industry leaders and AWS experts, engage with partners driving innovation, and more. Learn more at https://aws. amazon.com/events/summits/washington-dc/.

June 13 – 14

Amazon Web Services (AWS) will host AWS re:Inforce at the Anaheim Convention Center in Anaheim, California. AWS's cloud security-focused conference will allow cloud security leaders and professionals from around the world to come together and learn how the latest AWS security advancements can help their businesses and customers for 2023 and beyond. At re:Inforce, top security leaders, builders, and partners will share their expert insights; attendees can connect with them to solve their real-world challenges. The CIS team will be on the show floor, sharing our cloud security resources for AWS with attendees. Learn more at https://reinforce.awsevents.com/

June 13

Cyber Security Summit: Hartford will take place at the Hartford Marriott Downtown in Hartford, Connecticut, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https:// cybersecuritysummit.com/summit/hartford23/.

June 14 – 16

The Arkansas Municipal League will host its 89 th Annual Convention at the Little Rock Statehouse

Convention Center in Little Rock, Arkansas. The event will bring together municipal officials from across the state to provide them with the opportunity to discuss common problems and to learn new developments and techniques in local government and public administration. MS-ISAC Regional Engagement Manager Kyle Bryans will co-lead a session on cybersecurity threats and best practices for SLTT governments. Learn more at https://www.arml.org/

June 22

Cyber Security Finance & Banking Summit will take place virtually, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats in the financial sector. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https:// cybersecuritysummit.com/summit/finance23/.

July

July 20

Cyber Security Summit: DC Metro will take place at the Ritz-Carlton, Tysons Corner in McLean, Virginia, bringing together business leaders and cybersecurity professionals to learn about the latest cyber threats. Through our partnership, SLTT entities can receive free admission. Contact the CIS CyberMarket team for more details. Learn more at https://cybersecuritysummit.com/summit/ dcmetro23/.

July 21 – 24

The National Association of Counties (NACo) will host the 2023 NACo Annual Conference and Expo at the Austin Convention Center in Austin, Texas. The event is the largest meeting of county officials from across the country. Participants from counties of all sizes will come together to shape NACo’s federal policy agenda, share proven practices, and strengthen their knowledge to help improve residents’ lives and the efficiency of county government. The MS-ISAC team will be on the show floor, sharing our cybersecurity resources for county governments. Learn more at https://www.naco.org/ events/2023-naco-annual-conference-exposition